Craft 4 Class Reference

GeneralConfig

Type
Class
Namespace
craft\config
Inherits
craft\config\GeneralConfig » craft\config\BaseConfig » craft\base\Model » yii\base\Model (opens new window) » yii\base\Component (opens new window) » yii\base\BaseObject (opens new window)
Implements
ArrayAccess (opens new window), IteratorAggregate (opens new window), craft\base\ModelInterface, yii\base\Arrayable (opens new window), yii\base\Configurable (opens new window), yii\base\StaticInstanceInterface (opens new window)
Uses traits
craft\base\ClonefixTrait, yii\base\ArrayableTrait (opens new window), yii\base\StaticInstanceTrait (opens new window)
Since
3.0.0

General config class

View source (opens new window)

# Public Properties

Property Description
accessibilityDefaults array (opens new window) – The default user accessibility preferences that should be applied to users that haven’t saved their preferences yet.
actionTrigger string (opens new window) – The URI segment Craft should look for when determining if the current request should be routed to a controller action.
activateAccountSuccessPath mixed – The URI that users without access to the control panel should be redirected to after activating their account.
activeValidators (opens new window) yii\validators\Validator (opens new window) – The validators applicable to the current scenario (opens new window).
addTrailingSlashesToUrls boolean (opens new window) – Whether auto-generated URLs should have trailing slashes.
aliases array (opens new window) – Any custom Yii [aliases](https://www.
allowAdminChanges boolean (opens new window) – Whether admins should be allowed to make administrative changes to the system.
allowSimilarTags boolean (opens new window) – Whether users should be allowed to create similarly-named tags.
allowUpdates boolean (opens new window) – Whether Craft should allow system and plugin updates in the control panel, and plugin installation from the Plugin Store.
allowUppercaseInSlug boolean (opens new window) – Whether uppercase letters should be allowed in slugs.
allowedFileExtensions string (opens new window)[] – The file extensions Craft should allow when a user is uploading files.
allowedGraphqlOrigins string (opens new window)[], null (opens new window), false (opens new window) – The Ajax origins that should be allowed to access the GraphQL API, if enabled.
attributes (opens new window) array (opens new window) – Attribute values (name => value).
autoLoginAfterAccountActivation boolean (opens new window) – Whether users should automatically be logged in after activating their account or resetting their password.
autosaveDrafts boolean (opens new window) – Whether drafts should be saved automatically as they are edited.
backupCommand string (opens new window), null (opens new window), false (opens new window) – The shell command that Craft should execute to create a database backup.
backupOnUpdate boolean (opens new window) – Whether Craft should create a database backup before applying a new system update.
baseCpUrl string (opens new window), null (opens new window) – The base URL Craft should use when generating control panel URLs.
behaviors (opens new window) yii\base\Behavior (opens new window) – List of behaviors attached to this component.
blowfishHashCost integer (opens new window) – The higher the cost value, the longer it takes to generate a password hash and to verify against it.
brokenImagePath string (opens new window), null (opens new window) – The server path to an image file that should be sent when responding to an image request with a 404 status code.
buildId string (opens new window), null (opens new window) – A unique ID representing the current build of the codebase.
cacheDuration mixed – The default length of time Craft will store data, RSS feed, and template caches.
convertFilenamesToAscii boolean (opens new window) – Whether uploaded filenames with non-ASCII characters should be converted to ASCII (i.e. ñn).
cooldownDuration mixed – The amount of time a user must wait before re-attempting to log in after their account is locked due to too many failed login attempts.
cpHeadTags array (opens new window) – List of additional HTML tags that should be included in the <head> of control panel pages.
cpTrigger string (opens new window), null (opens new window) – The URI segment Craft should look for when determining if the current request should route to the control panel rather than the front-end website.
csrfTokenName string (opens new window) – The name of CSRF token used for CSRF validation if config4:enableCsrfProtection (opens new window) is set to true.
defaultCookieDomain string (opens new window) – The domain that cookies generated by Craft should be created for.
defaultCountryCode string (opens new window) – The two-letter country code that addresses will be set to by default.
defaultCpLanguage string (opens new window), null (opens new window) – The default language the control panel should use for users who haven’t set a preferred language yet.
defaultCpLocale string (opens new window), null (opens new window) – The default locale the control panel should use for date/number formatting, for users who haven’t set a preferred language or formatting locale.
defaultDirMode mixed – The default permission to be set for newly-generated directories.
defaultFileMode integer (opens new window), null (opens new window) – The default permission to be set for newly-generated files.
defaultImageQuality integer (opens new window) – The quality level Craft will use when saving JPG and PNG files.
defaultSearchTermOptions array (opens new window) – The default options that should be applied to each search term.
defaultTemplateExtensions string (opens new window)[] – The template file extensions Craft will look for when matching a template path to a file on the front end.
defaultTokenDuration mixed – The default amount of time tokens can be used before expiring.
defaultWeekStartDay integer (opens new window) – The default day new users should have set as their Week Start Day.
deferPublicRegistrationPassword boolean (opens new window) – By default, Craft requires a front-end “password” field for public user registrations.
devMode boolean (opens new window) – Whether the system should run in [Dev Mode](https://craftcms.
disableGraphqlTransformDirective boolean (opens new window) – Whether the transform directive should be disabled for the GraphQL API.
disabledPlugins string (opens new window)[], string (opens new window), null (opens new window) – Array of plugin handles that should be disabled, regardless of what the project config says.
disallowRobots boolean (opens new window) – Whether front end requests should respond with X-Robots-Tag: none HTTP headers, indicating that pages should not be indexed, and links on the page should not be followed, by web crawlers.
elevatedSessionDuration mixed – The amount of time a user’s elevated session will last, which is required for some sensitive actions (e.g. user group/permission assignment).
enableBasicHttpAuth boolean (opens new window) – Whether front-end web requests should support basic HTTP authentication.
enableCsrfCookie boolean (opens new window) – Whether to use a cookie to persist the CSRF token if config4:enableCsrfProtection (opens new window) is enabled.
enableCsrfProtection boolean (opens new window) – Whether to enable CSRF protection via hidden form inputs for all forms submitted via Craft.
enableGql boolean (opens new window) – Whether the GraphQL API should be enabled.
enableGraphqlCaching boolean (opens new window) – Whether Craft should cache GraphQL queries.
enableGraphqlIntrospection boolean (opens new window) – Whether GraphQL introspection queries are allowed.
enableTemplateCaching boolean (opens new window) – Whether to enable Craft’s template {% cache %} tag on a global basis.
errorTemplatePrefix string (opens new window) – The prefix that should be prepended to HTTP error status codes when determining the path to look for an error’s template.
errors (opens new window) array (opens new window) – Errors for all attributes or the specified attribute.
extraAllowedFileExtensions string (opens new window)[], null (opens new window) – List of file extensions that will be merged into the config4:allowedFileExtensions (opens new window) config setting.
extraAppLocales string (opens new window)[], null (opens new window) – List of extra locale IDs that the application should support, and users should be able to select as their Preferred Language.
extraFileKinds array (opens new window) – List of additional file kinds Craft should support.
extraLastNamePrefixes string (opens new window)[] – Any additional last name prefixes that should be supported by the name parser.
extraNameSalutations string (opens new window)[] – Any additional name salutations that should be supported by the name parser.
extraNameSuffixes string (opens new window)[] – Any additional name suffixes that should be supported by the name parser.
filenameWordSeparator string (opens new window), false (opens new window) – The string to use to separate words when uploading assets.
firstErrors (opens new window) array (opens new window) – The first errors.
generateTransformsBeforePageLoad boolean (opens new window) – Whether image transforms should be generated before page load.
gqlTypePrefix string (opens new window) – Prefix to use for all type names returned by GraphQL.
handleCasing string (opens new window) – The casing to use for autogenerated component handles.
headlessMode boolean (opens new window) – Whether the system should run in Headless Mode, which optimizes the system and control panel for headless CMS implementations.
httpProxy string (opens new window), null (opens new window) – The proxy server that should be used for outgoing HTTP requests.
imageDriver mixed – The image driver Craft should use to cleanse and transform images.
imageEditorRatios array (opens new window) – An array containing the selectable image aspect ratios for the image editor.
indexTemplateFilenames string (opens new window)[] – The template filenames Craft will look for within a directory to represent the directory’s “index” template when matching a template path to a file on the front end.
invalidLoginWindowDuration mixed – The amount of time to track invalid login attempts for a user, for determining if Craft should lock an account.
invalidUserTokenPath mixed – The URI Craft should redirect to when user token validation fails.
ipHeaders string (opens new window)[], null (opens new window) – List of headers where proxies store the real client IP.
isSystemLive boolean (opens new window), null (opens new window) – Whether the site is currently live.
iterator (opens new window) ArrayIterator (opens new window) – An iterator for traversing the items in the list.
limitAutoSlugsToAscii boolean (opens new window) – Whether non-ASCII characters in auto-generated slugs should be converted to ASCII (i.e. ñ → n).
loginPath mixed – The URI Craft should use for user login on the front end.
logoutPath mixed – The URI Craft should use for user logout on the front end.
maxBackups integer (opens new window), false (opens new window) – The number of backups Craft should make before it starts deleting the oldest backups.
maxCachedCloudImageSize integer (opens new window) – The maximum dimension size to use when caching images from external sources to use in transforms.
maxGraphqlBatchSize integer (opens new window) – The maximum allowed GraphQL queries that can be executed in a single batched request.
maxGraphqlComplexity integer (opens new window) – The maximum allowed complexity a GraphQL query is allowed to have.
maxGraphqlDepth integer (opens new window) – The maximum allowed depth a GraphQL query is allowed to reach.
maxGraphqlResults integer (opens new window) – The maximum allowed results for a single GraphQL query.
maxInvalidLogins integer (opens new window), false (opens new window) – The number of invalid login attempts Craft will allow within the specified duration before the account gets locked.
maxRevisions integer (opens new window), null (opens new window) – The maximum number of revisions that should be stored for each element.
maxSlugIncrement integer (opens new window) – The highest number Craft will tack onto a slug in order to make it unique before giving up and throwing an error.
maxUploadFileSize integer (opens new window), string (opens new window) – The maximum upload file size allowed.
omitScriptNameInUrls boolean (opens new window) – Whether generated URLs should omit index.php (e.g. http://my-project.tld/path instead of http://my-project.tld/index.php/path) This can only be possible if your server is configured to redirect would-be 404s to index.php, for example, with the redirect found in the .htaccess file that came with Craft: RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule (.+) /index.php?p=$1 [QSA,L] ::: code php Static Config ->omitScriptNameInUrls(true) shell Environment Override CRAFT_OMIT_SCRIPT_NAME_IN_URLS=1 ::: ::: tip Even when this is set to true, the script name could still be included in some action URLs.
optimizeImageFilesize boolean (opens new window) – Whether Craft should optimize images for reduced file sizes without noticeably reducing image quality.
pageTrigger string (opens new window) – The string preceding a number which Craft will look for when determining if the current request is for a particular page in a paginated list of pages.
passwordPath mixed
passwordRequestPath mixed
passwordSuccessPath mixed
pathParam string (opens new window), null (opens new window) – The query string param that Craft will check when determining the request’s path.
permissionsPolicyHeader string (opens new window), null (opens new window) – The Permissions-Policy header that should be sent for web responses.
phpMaxMemoryLimit string (opens new window), null (opens new window) – The maximum amount of memory Craft will try to reserve during memory-intensive operations such as zipping, unzipping and updating.
phpSessionName string (opens new window) – The name of the PHP session cookie.
postCpLoginRedirect mixed – The path users should be redirected to after logging into the control panel.
postLoginRedirect mixed – The path users should be redirected to after logging in from the front-end site.
postLogoutRedirect mixed – The path that users should be redirected to after logging out from the front-end site.
prefixGqlRootTypes boolean (opens new window) – Whether the config4:gqlTypePrefix (opens new window) config setting should have an impact on query, mutation, and subscription types.
preloadSingles boolean (opens new window) – Whether Single section entries should be preloaded for Twig templates.
preserveCmykColorspace boolean (opens new window) – Whether CMYK should be preserved as the colorspace when manipulating images.
preserveExifData boolean (opens new window) – Whether the EXIF data should be preserved when manipulating and uploading images.
preserveImageColorProfiles boolean (opens new window) – Whether the embedded Image Color Profile (ICC) should be preserved when manipulating images.
preventUserEnumeration boolean (opens new window) – When true, Craft will always return a successful response in the “forgot password” flow, making it difficult to enumerate users.
previewIframeResizerOptions array (opens new window) – Custom [iFrame Resizer options](http://davidjbradshaw.
previewTokenDuration mixed – The amount of time content preview tokens can be used before expiring.
privateTemplateTrigger string (opens new window) – The template path segment prefix that should be used to identify “private” templates, which are templates that are not directly accessible via a matching URL.
purgePendingUsersDuration mixed – The amount of time to wait before Craft purges pending users from the system that have not activated.
purgeStaleUserSessionDuration mixed – The amount of time to wait before Craft purges stale user sessions from the sessions table in the database.
purgeUnsavedDraftsDuration mixed – The amount of time to wait before Craft purges unpublished drafts that were never updated with content.
rasterizeSvgThumbs boolean (opens new window) – Whether SVG thumbnails should be rasterized.
rememberUsernameDuration mixed – The amount of time Craft will remember a username and pre-populate it on the control panel’s Login page.
rememberedUserSessionDuration mixed – The amount of time a user stays logged if “Remember Me” is checked on the login page.
requireMatchingUserAgentForSession boolean (opens new window) – Whether Craft should require a matching user agent string when restoring a user session from a cookie.
requireUserAgentAndIpForSession boolean (opens new window) – Whether Craft should require the existence of a user agent string and IP address when creating a new user session.
resourceBasePath string (opens new window) – The path to the root directory that should store published control panel resources.
resourceBaseUrl string (opens new window) – The URL to the root directory that should store published control panel resources.
restoreCommand string (opens new window), null (opens new window), false (opens new window) – The shell command Craft should execute to restore a database backup.
revAssetUrls boolean (opens new window) – Whether asset URLs should be revved so browsers don’t load cached versions when they’re modified.
rotateImagesOnUploadByExifData boolean (opens new window) – Whether Craft should rotate images according to their EXIF data on upload.
runQueueAutomatically boolean (opens new window) – Whether Craft should run pending queue jobs automatically when someone visits the control panel.
sameSiteCookieValue string (opens new window), null (opens new window) – The [SameSite](https://developer.
sanitizeCpImageUploads boolean (opens new window) – Whether images uploaded via the control panel should be sanitized.
sanitizeSvgUploads boolean (opens new window) – Whether Craft should sanitize uploaded SVG files and strip out potential malicious-looking content.
scenario (opens new window) string (opens new window) – The scenario that this model is in.
secureHeaders array (opens new window), null (opens new window) – Lists of headers that are, by default, subject to the trusted host configuration.
secureProtocolHeaders array (opens new window), null (opens new window) – List of headers to check for determining whether the connection is made via HTTPS.
securityKey string (opens new window) – A private, random, cryptographically-secure key that is used for hashing and encrypting data in craft\services\Security.
sendContentLengthHeader boolean (opens new window) – Whether a Content-Length header should be sent with responses.
sendPoweredByHeader boolean (opens new window) – Whether an X-Powered-By: Craft CMS header should be sent, helping services like [BuiltWith](https://builtwith.
setGraphqlDatesToSystemTimeZone boolean (opens new window) – Whether dates returned by the GraphQL API should be set to the system time zone by default, rather than UTC.
setPasswordPath mixed – The URI or URL that Craft should use for Set Password forms on the front end.
setPasswordRequestPath mixed – The URI to the page where users can request to change their password.
setPasswordSuccessPath mixed – The URI Craft should redirect users to after setting their password from the front end.
siteToken string (opens new window) – The query string parameter name that site tokens should be set to.
slugWordSeparator string (opens new window) – The character(s) that should be used to separate words in slugs.
softDeleteDuration mixed – The amount of time before a soft-deleted item will be up for hard-deletion by garbage collection.
storeUserIps boolean (opens new window) – Whether user IP addresses should be stored/logged by the system.
testToEmailAddress string (opens new window), array (opens new window), null (opens new window), false (opens new window) – Configures Craft to send all system emails to either a single email address or an array of email addresses for testing purposes.
timezone string (opens new window), null (opens new window) – The timezone of the site.
tokenParam string (opens new window) – The query string parameter name that Craft tokens should be set to.
transformGifs boolean (opens new window) – Whether GIF files should be cleansed/transformed.
transformSvgs boolean (opens new window) – Whether SVG files should be transformed.
translationDebugOutput boolean (opens new window) – Whether translated messages should be wrapped in special characters to help find any strings that are not being run through Craft::t() or the |translate filter.
trustedHosts array (opens new window) – The configuration for trusted security-related headers.
upscaleImages boolean (opens new window) – Whether image transforms should allow upscaling by default, for images that are smaller than the transform dimensions.
useEmailAsUsername boolean (opens new window) – Whether Craft should set users’ usernames to their email addresses, rather than let them set their username separately.
useFileLocks boolean (opens new window), null (opens new window) – Whether to grab an exclusive lock on a file when writing to it by using the LOCK_EX flag.
useIframeResizer boolean (opens new window) – Whether [iFrame Resizer options](http://davidjbradshaw.
usePathInfo boolean (opens new window) – Whether Craft should specify the path using PATH_INFO or as a query string parameter when generating URLs.
useSecureCookies boolean (opens new window), string (opens new window) – Whether Craft will set the “secure” flag when saving cookies when using Craft::cookieConfig() to create a cookie.
useSslOnTokenizedUrls boolean (opens new window), string (opens new window) – Determines what protocol/schema Craft will use when generating tokenized URLs.
userSessionDuration mixed – The amount of time before a user will get logged out due to inactivity.
validators (opens new window) ArrayObject (opens new window), yii\validators\Validator (opens new window) – All the validators declared in the model.
verificationCodeDuration mixed – The amount of time a user verification code can be used before expiring.
verifyEmailPath mixed – The URI or URL that Craft should use for email verification links on the front end.
verifyEmailSuccessPath mixed – The URI that users without access to the control panel should be redirected to after verifying a new email address.

# accessibilityDefaults

Type
array (opens new window)
Default value
[ 'alwaysShowFocusRings' => false, 'useShapes' => false, 'underlineLinks' => false, 'notificationDuration' => 5000, ]
Since
3.6.4

The default user accessibility preferences that should be applied to users that haven’t saved their preferences yet.

The array can contain the following keys:

  • alwaysShowFocusRings - Whether focus rings should always be shown when an element has focus.
  • useShapes – Whether shapes should be used to represent statuses.
  • underlineLinks – Whether links should be underlined.
  • notificationDuration – How long notifications should be shown before they disappear automatically (in milliseconds). Set to 0 to show them indefinitely.
->accessibilityDefaults([
    'useShapes' => true,
])

View source (opens new window)

# actionTrigger

Type
string (opens new window)
Default value
'actions'

The URI segment Craft should look for when determining if the current request should be routed to a controller action.

->actionTrigger('do-it')

View source (opens new window)

# activateAccountSuccessPath

Type
mixed
Default value
''

The URI that users without access to the control panel should be redirected to after activating their account.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

->activateAccountSuccessPath('welcome')

See also getActivateAccountSuccessPath()

View source (opens new window)

# addTrailingSlashesToUrls

Type
boolean (opens new window)
Default value
false

Whether auto-generated URLs should have trailing slashes.

->addTrailingSlashesToUrls(true)

View source (opens new window)

# aliases

Type
array (opens new window)
Default value
[]

Any custom Yii aliases (opens new window) that should be defined for every request.

->aliases([
    '@webroot' => '/var/www/',
])

View source (opens new window)

# allowAdminChanges

Type
boolean (opens new window)
Default value
true
Since
3.1.0

Whether admins should be allowed to make administrative changes to the system.

When this is disabled, the Settings section will be hidden, the Craft edition and Craft/plugin versions will be locked, and the project config and Plugin Store will become read-only—though Craft and plugin licenses may still be purchased.

It’s best to disable this in production environments with a deployment workflow that runs composer install and propagates project config updates on deploy.

WARNING

Don’t disable this setting until all environments have been updated to Craft 3.1.0 or later.

->allowAdminChanges(false)

View source (opens new window)

# allowSimilarTags

Type
boolean (opens new window)
Default value
false

Whether users should be allowed to create similarly-named tags.

->allowSimilarTags(true)

View source (opens new window)

# allowUpdates

Type
boolean (opens new window)
Default value
true

Whether Craft should allow system and plugin updates in the control panel, and plugin installation from the Plugin Store.

This setting will automatically be disabled if config4:allowAdminChanges (opens new window) is disabled.

->allowUpdates(false)

View source (opens new window)

# allowUppercaseInSlug

Type
boolean (opens new window)
Default value
false

Whether uppercase letters should be allowed in slugs.

->allowUppercaseInSlug(true)

View source (opens new window)

# allowedFileExtensions

Type
string (opens new window)[]
Default value
[ '7z', 'aiff', 'asc', 'asf', 'avi', 'avif', 'bmp', 'cap', 'cin', 'csv', 'dfxp', 'doc', 'docx', 'dotm', 'dotx', 'fla', 'flv', 'gif', 'gz', 'gzip', 'heic', 'heif', 'hevc', 'itt', 'jp2', 'jpeg', 'jpg', 'jpx', 'js', 'json', 'lrc', 'm2t', 'm4a', 'm4v', 'mcc', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'mpsub', 'ods', 'odt', 'ogg', 'ogv', 'pdf', 'png', 'potx', 'pps', 'ppsm', 'ppsx', 'ppt', 'pptm', 'pptx', 'ppz', 'pxd', 'qt', 'ram', 'rar', 'rm', 'rmi', 'rmvb', 'rt', 'rtf', 'sami', 'sbv', 'scc', 'sdc', 'sitd', 'smi', 'srt', 'stl', 'sub', 'svg', 'swf', 'sxc', 'sxw', 'tar', 'tds', 'tgz', 'tif', 'tiff', 'ttml', 'txt', 'vob', 'vsd', 'vtt', 'wav', 'webm', 'webp', 'wma', 'wmv', 'xls', 'xlsx', 'zip', ]

The file extensions Craft should allow when a user is uploading files.

// Nothing bug GIFs!
->allowedFileExtensions([
    'gif',
])

See also extraAllowedFileExtensions()

View source (opens new window)

# allowedGraphqlOrigins

Type
string (opens new window)[], null (opens new window), false (opens new window)
Default value
null
Since
3.5.0

The Ajax origins that should be allowed to access the GraphQL API, if enabled.

If this is set to an array, then graphql/api requests will only include the current request’s origin (opens new window) in the Access-Control-Allow-Origin response header if it’s listed here.

If this is set to false, then the Access-Control-Allow-Origin response header will never be sent.

->allowedGraphqlOrigins(false)

View source (opens new window)

# autoLoginAfterAccountActivation

Type
boolean (opens new window)
Default value
false

Whether users should automatically be logged in after activating their account or resetting their password.

->autoLoginAfterAccountActivation(true)

View source (opens new window)

# autosaveDrafts

DEPRECATED

Deprecated in 4.0.0

Type
boolean (opens new window)
Default value
true
Since
3.5.6

Whether drafts should be saved automatically as they are edited.

WARNING

Disabling this will also disable Live Preview.

CRAFT_AUTOSAVE_DRAFTS=false

View source (opens new window)

# backupCommand

Type
string (opens new window), null (opens new window), false (opens new window)
Default value
null

The shell command that Craft should execute to create a database backup.

When set to null (default), Craft will run mysqldump or pg_dump, provided that those libraries are in the $PATH variable for the system user running the web server.

You may provide your own command, which can include several tokens Craft will substitute at runtime:

  • {file} - the target backup file path
  • {port} - the current database port
  • {server} - the current database hostname
  • {user} - user that was used to connect to the database
  • {password} - password for the specified {user}
  • {database} - the current database name
  • {schema} - the current database schema (if any)

This can also be set to false to disable database backups completely.

->backupCommand(false)

View source (opens new window)

# backupOnUpdate

Type
boolean (opens new window)
Default value
true

Whether Craft should create a database backup before applying a new system update.

->backupOnUpdate(false)

See also backupCommand()

View source (opens new window)

# baseCpUrl

Type
string (opens new window), null (opens new window)
Default value
null

The base URL Craft should use when generating control panel URLs.

It will be determined automatically if left blank.

TIP

The base control panel URL should not include the control panel trigger word (opens new window) (e.g. /admin).

->baseCpUrl('https://cms.my-project.tld/')

View source (opens new window)

# blowfishHashCost

Type
integer (opens new window)
Default value
13

The higher the cost value, the longer it takes to generate a password hash and to verify against it.

Therefore, higher cost slows down a brute-force attack.

For best protection against brute force attacks, set it to the highest value that is tolerable on production servers.

The time taken to compute the hash doubles for every increment by one for this value.

For example, if the hash takes 1 second to compute when the value is 14 then the compute time varies as 2^(value - 14) seconds.

->blowfishHashCost(15)

View source (opens new window)

# brokenImagePath

Type
string (opens new window), null (opens new window)
Default value
null
Since
3.5.0

The server path to an image file that should be sent when responding to an image request with a 404 status code.

This can be set to an aliased path such as @webroot/assets/404.svg.

->brokenImagePath('@webroot/assets/404.svg')

View source (opens new window)

# buildId

Type
string (opens new window), null (opens new window)
Default value
null
Since
4.0.0

A unique ID representing the current build of the codebase.

This should be set to something unique to the deployment, e.g. a Git SHA or a deployment timestamp.

->buildId(\craft\helpers\App::env('GIT_SHA'))

View source (opens new window)

# cacheDuration

Type
mixed
Default value
86400 (1 day)

The default length of time Craft will store data, RSS feed, and template caches.

If set to 0, data and RSS feed caches will be stored indefinitely; template caches will be stored for one year.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

->cacheDuration(0)

View source (opens new window)

# convertFilenamesToAscii

Type
boolean (opens new window)
Default value
false

Whether uploaded filenames with non-ASCII characters should be converted to ASCII (i.e. ñn).

TIP

You can run php craft utils/ascii-filenames in your terminal to apply ASCII filenames to all existing assets.

->convertFilenamesToAscii(false)

View source (opens new window)

# cooldownDuration

Type
mixed
Default value
300 (5 minutes)

The amount of time a user must wait before re-attempting to log in after their account is locked due to too many failed login attempts.

Set to 0 to keep the account locked indefinitely, requiring an admin to manually unlock the account.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

->cooldownDuration(0)

View source (opens new window)

# cpHeadTags

Type
array (opens new window)
Default value
[]
Since
3.5.0

List of additional HTML tags that should be included in the <head> of control panel pages.

Each tag can be specified as an array of the tag name and its attributes.

For example, you can give the control panel a custom favicon (etc.) like this:

->cpHeadTags([
    // Traditional favicon
    ['link', ['rel' => 'icon', 'href' => '/icons/favicon.ico']],
    // Scalable favicon for browsers that support them
    ['link', ['rel' => 'icon', 'type' => 'image/svg+xml', 'sizes' => 'any', 'href' => '/icons/favicon.svg']],
    // Touch icon for mobile devices
    ['link', ['rel' => 'apple-touch-icon', 'sizes' => '180x180', 'href' => '/icons/touch-icon.svg']],
    // Pinned tab icon for Safari
    ['link', ['rel' => 'mask-icon', 'href' => '/icons/mask-icon.svg', 'color' => '#663399']],
])

View source (opens new window)

# cpTrigger

Type
string (opens new window), null (opens new window)
Default value
'admin'

The URI segment Craft should look for when determining if the current request should route to the control panel rather than the front-end website.

This can be set to null if you have a dedicated hostname for the control panel (e.g. cms.my-project.tld), or you are running Craft in Headless Mode (opens new window). If you do that, you will need to ensure that the control panel is being served from its own web root directory on your server, with an index.php file that defines the CRAFT_CP PHP constant.

define('CRAFT_CP', true);

Alternatively, you can set the config4:baseCpUrl (opens new window) config setting, but then you will run the risk of losing access to portions of your control panel due to URI conflicts with actual folders/files in your main web root.

(For example, if you have an assets/ folder, that would conflict with the /assets page in the control panel.)

->cpTrigger(null)

View source (opens new window)

# csrfTokenName

Type
string (opens new window)
Default value
'CRAFT_CSRF_TOKEN'

The name of CSRF token used for CSRF validation if config4:enableCsrfProtection (opens new window) is set to true.

->csrfTokenName('MY_CSRF')

See also enableCsrfProtection()

View source (opens new window)

# defaultCookieDomain

Type
string (opens new window)
Default value
''

The domain that cookies generated by Craft should be created for. If blank, it will be left up to the browser to determine which domain to use (almost always the current). If you want the cookies to work for all subdomains, for example, you could set this to '.my-project.tld'.

->defaultCookieDomain('.my-project.tld')

View source (opens new window)

# defaultCountryCode

Type
string (opens new window)
Default value
'US'
Since
4.5.0

The two-letter country code that addresses will be set to by default.

See https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 (opens new window) for a list of acceptable country codes.

->defaultCountryCode('GB')

View source (opens new window)

# defaultCpLanguage

Type
string (opens new window), null (opens new window)
Default value
null

The default language the control panel should use for users who haven’t set a preferred language yet.

->defaultCpLanguage('en-US')

View source (opens new window)

# defaultCpLocale

Type
string (opens new window), null (opens new window)
Default value
null
Since
3.5.0

The default locale the control panel should use for date/number formatting, for users who haven’t set a preferred language or formatting locale.

If this is null, the config4:defaultCpLanguage (opens new window) config setting will determine which locale is used for date/number formatting by default.

->defaultCpLocale('en-US')

View source (opens new window)

# defaultDirMode

Type
mixed
Default value
0775

The default permission to be set for newly-generated directories.

If set to null, the permission will be determined by the current environment.

->defaultDirMode(0744)

View source (opens new window)

# defaultFileMode

Type
integer (opens new window), null (opens new window)
Default value
null

The default permission to be set for newly-generated files.

If set to null, the permission will be determined by the current environment.

->defaultFileMode(0744)

View source (opens new window)

# defaultImageQuality

Type
integer (opens new window)
Default value
82

The quality level Craft will use when saving JPG and PNG files. Ranges from 1 (worst quality, smallest file) to 100 (best quality, biggest file).

->defaultImageQuality(90)

View source (opens new window)

# defaultSearchTermOptions

Type
array (opens new window)
Default value
[]

The default options that should be applied to each search term.

Options include:

  • subLeft – Whether to include keywords that contain the term, with additional characters before it. (false by default)
  • subRight – Whether to include keywords that contain the term, with additional characters after it. (true by default)
  • exclude – Whether search results should exclude records with this term. (false by default)
  • exact – Whether the term must be an exact match (only applies if the search term specifies an attribute). (false by default)
->defaultSearchTermOptions([
    'subLeft' => true,
    'exclude' => 'secret',
])

View source (opens new window)

# defaultTemplateExtensions

Type
string (opens new window)[]
Default value
[ 'html', 'twig', ]

The template file extensions Craft will look for when matching a template path to a file on the front end.

->defaultTemplateExtensions(['html', 'twig', 'txt'])

View source (opens new window)

# defaultTokenDuration

Type
mixed
Default value
86400 (1 day)

The default amount of time tokens can be used before expiring.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

// One week
->defaultTokenDuration(604800)

View source (opens new window)

# defaultWeekStartDay

Type
integer (opens new window)
Default value
1 (Monday)

The default day new users should have set as their Week Start Day.

This should be set to one of the following integers:

  • 0 – Sunday
  • 1 – Monday
  • 2 – Tuesday
  • 3 – Wednesday
  • 4 – Thursday
  • 5 – Friday
  • 6 – Saturday
->defaultWeekStartDay(0)

View source (opens new window)

# deferPublicRegistrationPassword

Type
boolean (opens new window)
Default value
false

By default, Craft requires a front-end “password” field for public user registrations. Setting this to true removes that requirement for the initial registration form.

If you have email verification enabled, new users will set their password once they’ve followed the verification link in the email. If you don’t, the only way they can set their password is to go through your “forgot password” workflow.

->deferPublicRegistrationPassword(true)

View source (opens new window)

# devMode

Type
boolean (opens new window)
Default value
false

Whether the system should run in Dev Mode (opens new window).

->devMode(true)

View source (opens new window)

# disableGraphqlTransformDirective

Type
boolean (opens new window)
Default value
false
Since
3.6.0

Whether the transform directive should be disabled for the GraphQL API.

->disableGraphqlTransformDirective(true)

View source (opens new window)

# disabledPlugins

Type
string (opens new window)[], string (opens new window), null (opens new window)
Default value
null
Since
3.1.9

Array of plugin handles that should be disabled, regardless of what the project config says.

->disabledPlugins([
    'webhooks',
])

This can also be set to '*' to disable all plugins.

->disabledPlugins('*')

WARNING

This should not be set on a per-environment basis, as it could result in plugin schema version mismatches between environments, which will prevent project config changes from getting applied.

->disabledPlugins([
    'redactor',
    'webhooks',
])

View source (opens new window)

# disallowRobots

Type
boolean (opens new window)
Default value
false
Since
3.5.10

Whether front end requests should respond with X-Robots-Tag: none HTTP headers, indicating that pages should not be indexed, and links on the page should not be followed, by web crawlers.

TIP

This should be set to true for development and staging environments.

->disallowRobots(true)

View source (opens new window)

# elevatedSessionDuration

Type
mixed
Default value
300 (5 minutes)

The amount of time a user’s elevated session will last, which is required for some sensitive actions (e.g. user group/permission assignment).

Set to 0 to disable elevated session support.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

->elevatedSessionDuration(0)

View source (opens new window)

# enableBasicHttpAuth

Type
boolean (opens new window)
Default value
false
Since
3.5.0

Whether front-end web requests should support basic HTTP authentication.

->enableBasicHttpAuth(true)

View source (opens new window)

# enableCsrfCookie

Type
boolean (opens new window)
Default value
true

Whether to use a cookie to persist the CSRF token if config4:enableCsrfProtection (opens new window) is enabled. If false, the CSRF token will be stored in session under the csrfTokenName config setting name. Note that while storing CSRF tokens in session increases security, it requires starting a session for every page that a CSRF token is needed, which may degrade site performance.

->enableCsrfCookie(false)

See also enableCsrfProtection()

View source (opens new window)

# enableCsrfProtection

Type
boolean (opens new window)
Default value
true

Whether to enable CSRF protection via hidden form inputs for all forms submitted via Craft.

->enableCsrfProtection(false)

See also:

View source (opens new window)

# enableGql

Type
boolean (opens new window)
Default value
true
Since
3.3.1

Whether the GraphQL API should be enabled.

The GraphQL API is only available for Craft Pro.

->enableGql(false)

View source (opens new window)

# enableGraphqlCaching

Type
boolean (opens new window)
Default value
true
Since
3.3.12

Whether Craft should cache GraphQL queries.

If set to true, Craft will cache the results for unique GraphQL queries per access token. The cache is automatically invalidated any time an element is saved, the site structure is updated, or a GraphQL schema is saved.

This setting will have no effect if a plugin is using the craft\services\Gql::EVENT_BEFORE_EXECUTE_GQL_QUERY event to provide its own caching logic and setting the result property.

->enableGraphqlCaching(false)

View source (opens new window)

# enableGraphqlIntrospection

Type
boolean (opens new window)
Default value
true
Since
3.6.0

Whether GraphQL introspection queries are allowed. Defaults to true and is always allowed in the control panel.

->enableGraphqlIntrospection(false)

View source (opens new window)

# enableTemplateCaching

Type
boolean (opens new window)
Default value
true

Whether to enable Craft’s template {% cache %} tag on a global basis.

->enableTemplateCaching(false)

See also https://craftcms.com/docs/templating/cache

View source (opens new window)

# errorTemplatePrefix

Type
string (opens new window)
Default value
''

The prefix that should be prepended to HTTP error status codes when determining the path to look for an error’s template.

If set to '_' your site’s 404 template would live at templates/_404.twig, for example.

->errorTemplatePrefix('_')

View source (opens new window)

# extraAllowedFileExtensions

Type
string (opens new window)[], null (opens new window)
Default value
null

List of file extensions that will be merged into the config4:allowedFileExtensions (opens new window) config setting.

->extraAllowedFileExtensions(['mbox', 'xml'])

See also allowedFileExtensions()

View source (opens new window)

# extraAppLocales

Type
string (opens new window)[], null (opens new window)
Default value
null
Since
3.0.24

List of extra locale IDs that the application should support, and users should be able to select as their Preferred Language.

->extraAppLocales(['uk'])

View source (opens new window)

# extraFileKinds

Type
array (opens new window)
Default value
[]
Since
3.0.37

List of additional file kinds Craft should support. This array will get merged with the one defined in \craft\helpers\Assets::_buildFileKinds().

->extraFileKinds([
    // merge .psb into list of Photoshop file kinds
    'photoshop' => [
        'extensions' => ['psb'],
    ],
    // register new "Stylesheet" file kind
    'stylesheet' => [
        'label' => 'Stylesheet',
        'extensions' => ['css', 'less', 'pcss', 'sass', 'scss', 'styl'],
    ],
])

TIP

File extensions listed here won’t immediately be allowed to be uploaded. You will also need to list them with the config4:extraAllowedFileExtensions (opens new window) config setting.

View source (opens new window)

# extraLastNamePrefixes

Type
string (opens new window)[]
Default value
[]
Since
4.3.0

Any additional last name prefixes that should be supported by the name parser.

->extraLastNamePrefixes(['Dal', 'Van Der'])

View source (opens new window)

# extraNameSalutations

Type
string (opens new window)[]
Default value
[]
Since
4.3.0

Any additional name salutations that should be supported by the name parser.

->extraNameSalutations(['Lady', 'Sire'])

View source (opens new window)

# extraNameSuffixes

Type
string (opens new window)[]
Default value
[]
Since
4.3.0

Any additional name suffixes that should be supported by the name parser.

->extraNameSuffixes(['CCNA', 'OBE'])

View source (opens new window)

# filenameWordSeparator

Type
string (opens new window), false (opens new window)
Default value
'-'

The string to use to separate words when uploading assets. If set to false, spaces will be left alone.

->filenameWordSeparator(false)

View source (opens new window)

# generateTransformsBeforePageLoad

Type
boolean (opens new window)
Default value
false

Whether image transforms should be generated before page load.

->generateTransformsBeforePageLoad(true)

View source (opens new window)

# gqlTypePrefix

Type
string (opens new window)
Default value
''

Prefix to use for all type names returned by GraphQL.

->gqlTypePrefix('craft_')

View source (opens new window)

# handleCasing

Type
string (opens new window)
Default value
self::CAMEL_CASE
Since
3.6.0

The casing to use for autogenerated component handles.

View source (opens new window)

# headlessMode

Type
boolean (opens new window)
Default value
false
Since
3.3.0

Whether the system should run in Headless Mode, which optimizes the system and control panel for headless CMS implementations.

When this is enabled, the following changes will take place:

TIP

With Headless Mode enabled, users may only set passwords and verify email addresses via the control panel. Be sure to grant “Access the control panel” permission to all content editors and administrators. You’ll also need to set the config4:baseCpUrl (opens new window) config setting if the control panel is located on a different domain than your front end.

->headlessMode(true)

View source (opens new window)

# httpProxy

Type
string (opens new window), null (opens new window)
Default value
null
Since
3.7.0

The proxy server that should be used for outgoing HTTP requests.

This can be set to a URL (http://localhost) or a URL plus a port (http://localhost:8125).

->httpProxy('http://localhost')

View source (opens new window)

# imageDriver

Type
mixed
Default value
self::IMAGE_DRIVER_AUTO

The image driver Craft should use to cleanse and transform images. By default Craft will use ImageMagick if it’s installed and otherwise fall back to GD. You can explicitly set either 'imagick' or 'gd' here to override that behavior.

->imageDriver('imagick')

View source (opens new window)

# imageEditorRatios

Type
array (opens new window)
Default value
[ 'Unconstrained' => 'none', 'Original' => 'original', 'Square' => 1, '16:9' => 1.78, '10:8' => 1.25, '7:5' => 1.4, '4:3' => 1.33, '5:3' => 1.67, '3:2' => 1.5, ]

An array containing the selectable image aspect ratios for the image editor. The array must be in the format of label => ratio, where ratio must be a float or a string. For string values, only values of “none” and “original” are allowed.

->imageEditorRatios([
    'Unconstrained' => 'none',
    'Original' => 'original',
    'Square' => 1,
    'IMAX' => 1.9,
    'Widescreen' => 1.78,
])

View source (opens new window)

# indexTemplateFilenames

Type
string (opens new window)[]
Default value
[ 'index', ]

The template filenames Craft will look for within a directory to represent the directory’s “index” template when matching a template path to a file on the front end.

->indexTemplateFilenames(['index', 'default'])

View source (opens new window)

# invalidLoginWindowDuration

Type
mixed
Default value
3600 (1 hour)

The amount of time to track invalid login attempts for a user, for determining if Craft should lock an account.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

// 1 day
->invalidLoginWindowDuration(86400)

View source (opens new window)

# invalidUserTokenPath

Type
mixed
Default value
''

The URI Craft should redirect to when user token validation fails. A token is used on things like setting and resetting user account passwords. Note that this only affects front-end site requests.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

// 1 day
->invalidUserTokenPath('nope')

See also getInvalidUserTokenPath()

View source (opens new window)

# ipHeaders

Type
string (opens new window)[], null (opens new window)
Default value
null

List of headers where proxies store the real client IP.

See yii\web\Request::$ipHeaders (opens new window) for more details.

If not set, the default craft\web\Request::$ipHeaders value will be used.

->ipHeaders(['X-Forwarded-For', 'CF-Connecting-IP'])

View source (opens new window)

# isSystemLive

Type
boolean (opens new window), null (opens new window)
Default value
null

Whether the site is currently live. If set to true or false, it will take precedence over the System Status setting in Settings → General.

->isSystemLive(true)

View source (opens new window)

# limitAutoSlugsToAscii

Type
boolean (opens new window)
Default value
false

Whether non-ASCII characters in auto-generated slugs should be converted to ASCII (i.e. ñ → n).

TIP

This only affects the JavaScript auto-generated slugs. Non-ASCII characters can still be used in slugs if entered manually.

->limitAutoSlugsToAscii(true)

View source (opens new window)

# loginPath

Type
mixed
Default value
'login'

The URI Craft should use for user login on the front end.

This can be set to false to disable front-end login.

Note that this config setting is ignored when config4:headlessMode (opens new window) is enabled.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

->loginPath(false)

See also getLoginPath()

View source (opens new window)

# logoutPath

Type
mixed
Default value
'logout'

The URI Craft should use for user logout on the front end.

This can be set to false to disable front-end logout.

Note that this config setting is ignored when config4:headlessMode (opens new window) is enabled.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

->logoutPath(false)

See also getLogoutPath()

View source (opens new window)

# maxBackups

Type
integer (opens new window), false (opens new window)
Default value
20

The number of backups Craft should make before it starts deleting the oldest backups. If set to false, Craft will not delete any backups.

->maxBackups(5)

View source (opens new window)

# maxCachedCloudImageSize

Type
integer (opens new window)
Default value
2000

The maximum dimension size to use when caching images from external sources to use in transforms. Set to 0 to never cache them.

->maxCachedCloudImageSize(0)

View source (opens new window)

# maxGraphqlBatchSize

Type
integer (opens new window)
Default value
0
Since
4.5.5

The maximum allowed GraphQL queries that can be executed in a single batched request. Set to 0 to allow any number of queries.

->maxGraphqlBatchSize(5)

View source (opens new window)

# maxGraphqlComplexity

Type
integer (opens new window)
Default value
0
Since
3.6.0

The maximum allowed complexity a GraphQL query is allowed to have. Set to 0 to allow any complexity.

->maxGraphqlComplexity(500)

View source (opens new window)

# maxGraphqlDepth

Type
integer (opens new window)
Default value
0
Since
3.6.0

The maximum allowed depth a GraphQL query is allowed to reach. Set to 0 to allow any depth.

->maxGraphqlDepth(5)

View source (opens new window)

# maxGraphqlResults

Type
integer (opens new window)
Default value
0
Since
3.6.0

The maximum allowed results for a single GraphQL query. Set to 0 to disable any limits.

->maxGraphqlResults(100)

View source (opens new window)

# maxInvalidLogins

Type
integer (opens new window), false (opens new window)
Default value
5

The number of invalid login attempts Craft will allow within the specified duration before the account gets locked.

->maxInvalidLogins(3)

View source (opens new window)

# maxRevisions

Type
integer (opens new window), null (opens new window)
Default value
50
Since
3.2.0

The maximum number of revisions that should be stored for each element.

Set to 0 if you want to store an unlimited number of revisions.

->maxRevisions(25)

View source (opens new window)

# maxSlugIncrement

Type
integer (opens new window)
Default value
100

The highest number Craft will tack onto a slug in order to make it unique before giving up and throwing an error.

->maxSlugIncrement(10)

View source (opens new window)

# maxUploadFileSize

Type
integer (opens new window), string (opens new window)
Default value
16777216 (16MB)

The maximum upload file size allowed.

See craft\helpers\ConfigHelper::sizeInBytes() for a list of supported value types.

// 25MB
->maxUploadFileSize(26214400)

View source (opens new window)

# omitScriptNameInUrls

Type
boolean (opens new window)
Default value
false

Whether generated URLs should omit index.php (e.g. http://my-project.tld/path instead of http://my-project.tld/index.php/path)

This can only be possible if your server is configured to redirect would-be 404s to index.php, for example, with the redirect found in the .htaccess file that came with Craft:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.+) /index.php?p=$1 [QSA,L]

->omitScriptNameInUrls(true)

TIP

Even when this is set to true, the script name could still be included in some action URLs. If you want to ensure that index.php is fully omitted from all generated URLs, set the config4:pathParam (opens new window) config setting to null.

View source (opens new window)

# optimizeImageFilesize

Type
boolean (opens new window)
Default value
true

Whether Craft should optimize images for reduced file sizes without noticeably reducing image quality. (Only supported when ImageMagick is used.)

->optimizeImageFilesize(false)

See also imageDriver()

View source (opens new window)

# pageTrigger

Type
string (opens new window)
Default value
'p'

The string preceding a number which Craft will look for when determining if the current request is for a particular page in a paginated list of pages.

Example Value Example URI
p /news/p5
page /news/page5
page/ /news/page/5
?page /news?page=5

TIP

If you want to set this to ?p (e.g. /news?p=5), you’ll also need to change your config4:pathParam (opens new window) setting which defaults to p. If your server is running Apache, you’ll need to update the redirect code in your .htaccess file to match your new pathParam value.

->pageTrigger('page')

See also getPageTrigger()

View source (opens new window)

# passwordPath

Type
mixed
Default value
null
Access
Write-only
Since
4.2.0

View source (opens new window)

# passwordRequestPath

Type
mixed
Default value
null
Access
Write-only
Since
4.2.0

View source (opens new window)

# passwordSuccessPath

Type
mixed
Default value
null
Access
Write-only
Since
4.2.0

View source (opens new window)

# pathParam

Type
string (opens new window), null (opens new window)
Default value
'p'

The query string param that Craft will check when determining the request’s path.

This can be set to null if your web server is capable of directing traffic to index.php without a query string param. If you’re using Apache, that means you’ll need to change the RewriteRule line in your .htaccess file to:

RewriteRule (.+) index.php [QSA,L]

->pathParam(null)

View source (opens new window)

# permissionsPolicyHeader

Type
string (opens new window), null (opens new window)
Default value
null
Since
3.6.14

The Permissions-Policy header that should be sent for web responses.

->permissionsPolicyHeader('Permissions-Policy: geolocation=(self)')

View source (opens new window)

# phpMaxMemoryLimit

Type
string (opens new window), null (opens new window)
Default value
null

The maximum amount of memory Craft will try to reserve during memory-intensive operations such as zipping, unzipping and updating. Defaults to an empty string, which means it will use as much memory as it can.

See https://php.net/manual/en/faq.using.php#faq.using.shorthandbytes (opens new window) for a list of acceptable values.

->phpMaxMemoryLimit('512M')

View source (opens new window)

# phpSessionName

Type
string (opens new window)
Default value
'CraftSessionId'

The name of the PHP session cookie.

->phpSessionName(null)

See also https://php.net/manual/en/function.session-name.php

View source (opens new window)

# postCpLoginRedirect

Type
mixed
Default value
'dashboard'

The path users should be redirected to after logging into the control panel.

This setting will also come into effect if a user visits the control panel’s login page (/admin/login) or the control panel’s root URL (/admin) when they are already logged in.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

->postCpLoginRedirect('entries')

See also getPostCpLoginRedirect()

View source (opens new window)

# postLoginRedirect

Type
mixed
Default value
''

The path users should be redirected to after logging in from the front-end site.

This setting will also come into effect if the user visits the login page (as specified by the config4:loginPath (opens new window) config setting) when they are already logged in.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

->postLoginRedirect('welcome')

See also getPostLoginRedirect()

View source (opens new window)

# postLogoutRedirect

Type
mixed
Default value
''

The path that users should be redirected to after logging out from the front-end site.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

->postLogoutRedirect('goodbye')

See also getPostLogoutRedirect()

View source (opens new window)

# prefixGqlRootTypes

Type
boolean (opens new window)
Default value
true
Since
3.6.6

Whether the config4:gqlTypePrefix (opens new window) config setting should have an impact on query, mutation, and subscription types.

->prefixGqlRootTypes(false)

View source (opens new window)

# preloadSingles

Type
boolean (opens new window)
Default value
false
Since
4.4.0

Whether Single section entries should be preloaded for Twig templates.

When enabled, Craft will make an educated guess on which Singles should be preloaded for each template based on the variable names that are referenced.

WARNING

You will need to clear your compiled templates from the Caches utility before this setting will take effect.

->preloadSingles()

View source (opens new window)

# preserveCmykColorspace

Type
boolean (opens new window)
Default value
false
Since
3.0.8

Whether CMYK should be preserved as the colorspace when manipulating images.

Setting this to true will prevent Craft from transforming CMYK images to sRGB, but on some ImageMagick versions it can cause image color distortion. This will only have an effect if ImageMagick is in use.

->preserveCmykColorspace(true)

View source (opens new window)

# preserveExifData

Type
boolean (opens new window)
Default value
false

Whether the EXIF data should be preserved when manipulating and uploading images.

Setting this to true will result in larger image file sizes.

This will only have effect if ImageMagick is in use.

->preserveExifData(true)

View source (opens new window)

# preserveImageColorProfiles

Type
boolean (opens new window)
Default value
true

Whether the embedded Image Color Profile (ICC) should be preserved when manipulating images.

Setting this to false will reduce the image size a little bit, but on some ImageMagick versions can cause images to be saved with an incorrect gamma value, which causes the images to become very dark. This will only have effect if ImageMagick is in use.

->preserveImageColorProfiles(false)

View source (opens new window)

# preventUserEnumeration

Type
boolean (opens new window)
Default value
false

When true, Craft will always return a successful response in the “forgot password” flow, making it difficult to enumerate users.

When set to false and you go through the “forgot password” flow from the control panel login page, you’ll get distinct messages indicating whether the username/email exists and whether an email was sent with further instructions. This can be helpful for the user attempting to log in but allow for username/email enumeration based on the response.

->preventUserEnumeration(true)

View source (opens new window)

# previewIframeResizerOptions

Type
array (opens new window)
Default value
[]
Since
3.5.0

Custom iFrame Resizer options (opens new window) that should be used for preview iframes.

->previewIframeResizerOptions([
    'autoResize' => false,
])

View source (opens new window)

# previewTokenDuration

Type
mixed
Default value
null (1 day)
Since
3.7.0

The amount of time content preview tokens can be used before expiring.

Defaults to config4:defaultTokenDuration (opens new window) value.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

// 1 hour
->previewTokenDuration(3600)

View source (opens new window)

# privateTemplateTrigger

Type
string (opens new window)
Default value
'_'

The template path segment prefix that should be used to identify “private” templates, which are templates that are not directly accessible via a matching URL.

Set to an empty value to disable public template routing.

->privateTemplateTrigger('')

View source (opens new window)

# purgePendingUsersDuration

Type
mixed
Default value
0

The amount of time to wait before Craft purges pending users from the system that have not activated.

Any content assigned to a pending user will be deleted as well when the given time interval passes.

Set to 0 to disable this feature.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

TIP

Users will only be purged when garbage collection (opens new window) is run.

// 2 weeks
->purgePendingUsersDuration(1209600)

View source (opens new window)

# purgeStaleUserSessionDuration

Type
mixed
Default value
7776000 (90 days)
Since
3.3.0

The amount of time to wait before Craft purges stale user sessions from the sessions table in the database.

Set to 0 to disable this feature.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

// 1 week
->purgeStaleUserSessionDuration(604800)

View source (opens new window)

# purgeUnsavedDraftsDuration

Type
mixed
Default value
2592000 (30 days)
Since
3.2.0

The amount of time to wait before Craft purges unpublished drafts that were never updated with content.

Set to 0 to disable this feature.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

->purgeUnsavedDraftsDuration(0)

View source (opens new window)

# rasterizeSvgThumbs

Type
boolean (opens new window)
Default value
false
Since
3.6.0

Whether SVG thumbnails should be rasterized.

This will only work if ImageMagick is installed, and config4:imageDriver (opens new window) is set to either auto or imagick.

->rasterizeSvgThumbs(true)

View source (opens new window)

# rememberUsernameDuration

Type
mixed
Default value
31536000 (1 year)

The amount of time Craft will remember a username and pre-populate it on the control panel’s Login page.

Set to 0 to disable this feature altogether.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

->rememberUsernameDuration(0)

View source (opens new window)

# rememberedUserSessionDuration

Type
mixed
Default value
1209600 (14 days)

The amount of time a user stays logged if “Remember Me” is checked on the login page.

Set to 0 to disable the “Remember Me” feature altogether.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

->rememberedUserSessionDuration(0)

View source (opens new window)

# requireMatchingUserAgentForSession

Type
boolean (opens new window)
Default value
true

Whether Craft should require a matching user agent string when restoring a user session from a cookie.

->requireMatchingUserAgentForSession(false)

View source (opens new window)

# requireUserAgentAndIpForSession

Type
boolean (opens new window)
Default value
true

Whether Craft should require the existence of a user agent string and IP address when creating a new user session.

->requireUserAgentAndIpForSession(false)

View source (opens new window)

# resourceBasePath

Type
string (opens new window)
Default value
'@webroot/cpresources'

The path to the root directory that should store published control panel resources.

->resourceBasePath('@webroot/craft-resources')

View source (opens new window)

# resourceBaseUrl

Type
string (opens new window)
Default value
'@web/cpresources'

The URL to the root directory that should store published control panel resources.

->resourceBaseUrl('@web/craft-resources')

View source (opens new window)

# restoreCommand

Type
string (opens new window), null (opens new window), false (opens new window)
Default value
null

The shell command Craft should execute to restore a database backup.

By default Craft will run mysql or psql, provided those libraries are in the $PATH variable for the user the web server is running as.

There are several tokens you can use that Craft will swap out at runtime:

  • {path} - the backup file path
  • {port} - the current database port
  • {server} - the current database hostname
  • {user} - the user to connect to the database
  • {database} - the current database name
  • {schema} - the current database schema (if any)

This can also be set to false to disable database restores completely.

->restoreCommand(false)

View source (opens new window)

# revAssetUrls

Type
boolean (opens new window)
Default value
false
Since
3.7.0

Whether asset URLs should be revved so browsers don’t load cached versions when they’re modified.

->revAssetUrls(true)

View source (opens new window)

# rotateImagesOnUploadByExifData

Type
boolean (opens new window)
Default value
true

Whether Craft should rotate images according to their EXIF data on upload.

->rotateImagesOnUploadByExifData(false)

View source (opens new window)

# runQueueAutomatically

Type
boolean (opens new window)
Default value
true

Whether Craft should run pending queue jobs automatically when someone visits the control panel.

If disabled, an alternate queue worker must be set up separately, either as an always-running daemon (opens new window), or a cron job that runs the queue/run command every minute:

* * * * * /path/to/project/craft queue/run

TIP

This setting should be disabled for servers running Win32, or with Apache’s mod_deflate/mod_gzip installed, where PHP’s flush() (opens new window) method won’t work.

->runQueueAutomatically(false)

View source (opens new window)

# sameSiteCookieValue

Type
string (opens new window), null (opens new window)
Default value
null
Since
3.1.33

The SameSite (opens new window) value that should be set on Craft cookies, if any.

View source (opens new window)

# sanitizeCpImageUploads

Type
boolean (opens new window)
Default value
true
Since
3.6.0

Whether images uploaded via the control panel should be sanitized.

->sanitizeCpImageUploads(false)

View source (opens new window)

# sanitizeSvgUploads

Type
boolean (opens new window)
Default value
true

Whether Craft should sanitize uploaded SVG files and strip out potential malicious-looking content.

This should definitely be enabled if you are accepting SVG uploads from untrusted sources.

->sanitizeSvgUploads(false)

View source (opens new window)

# secureHeaders

Type
array (opens new window), null (opens new window)
Default value
null

Lists of headers that are, by default, subject to the trusted host configuration.

See yii\web\Request::$secureHeaders (opens new window) for more details.

If not set, the default yii\web\Request::$secureHeaders (opens new window) value will be used.

->secureHeaders([
    'X-Forwarded-For',
    'X-Forwarded-Host',
    'X-Forwarded-Proto',
    'X-Rewrite-Url',
    'X-Original-Host',
    'CF-Connecting-IP',
])

View source (opens new window)

# secureProtocolHeaders

Type
array (opens new window), null (opens new window)
Default value
null

List of headers to check for determining whether the connection is made via HTTPS.

See yii\web\Request::$secureProtocolHeaders (opens new window) for more details.

If not set, the default yii\web\Request::$secureProtocolHeaders (opens new window) value will be used.

->secureProtocolHeaders([
    'X-Forwarded-Proto' => [
        'https',
    ],
    'Front-End-Https' => [
        'on',
    ],
    'CF-Visitor' => [
        '{\"scheme\":\"https\"}',
    ],
])

View source (opens new window)

# securityKey

Type
string (opens new window)
Default value
''

A private, random, cryptographically-secure key that is used for hashing and encrypting data in craft\services\Security.

This value should be the same across all environments. If this key ever changes, any data that was encrypted with it will be inaccessible.

->securityKey('2cf24dba5...')

View source (opens new window)

# sendContentLengthHeader

Type
boolean (opens new window)
Default value
false
Since
3.7.3

Whether a Content-Length header should be sent with responses.

->sendContentLengthHeader(true)

View source (opens new window)

# sendPoweredByHeader

Type
boolean (opens new window)
Default value
true

Whether an X-Powered-By: Craft CMS header should be sent, helping services like BuiltWith (opens new window) and Wappalyzer (opens new window) identify that the site is running on Craft.

->sendPoweredByHeader(false)

View source (opens new window)

# setGraphqlDatesToSystemTimeZone

Type
boolean (opens new window)
Default value
false
Since
3.7.0

Whether dates returned by the GraphQL API should be set to the system time zone by default, rather than UTC.

->setGraphqlDatesToSystemTimeZone(true)

View source (opens new window)

# setPasswordPath

Type
mixed
Default value
'setpassword'

The URI or URL that Craft should use for Set Password forms on the front end.

This setting is ignored when config4:headlessMode (opens new window) is enabled, unless it’s set to an absolute URL.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

TIP

You might also want to set config4:invalidUserTokenPath (opens new window) in case a user clicks on an expired password reset link.

->setPasswordPath('set-password')

See also getSetPasswordPath()

View source (opens new window)

# setPasswordRequestPath

Type
mixed
Default value
null
Since
3.5.14

The URI to the page where users can request to change their password.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

If this is set, Craft will redirect .well-known/change-password requests (opens new window) to this URI.

TIP

You’ll also need to set setPasswordPath (opens new window), which determines the URI and template path for the Set Password form where the user resets their password after following the link in the Password Reset email.

->setPasswordRequestPath('request-password')

See also getSetPasswordRequestPath()

View source (opens new window)

# setPasswordSuccessPath

Type
mixed
Default value
''

The URI Craft should redirect users to after setting their password from the front end.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

->setPasswordSuccessPath('password-set')

See also getSetPasswordSuccessPath()

View source (opens new window)

# siteToken

Type
string (opens new window)
Default value
'siteToken'
Since
3.5.0

The query string parameter name that site tokens should be set to.

->siteToken('t')

View source (opens new window)

# slugWordSeparator

Type
string (opens new window)
Default value
'-'

The character(s) that should be used to separate words in slugs.

->slugWordSeparator('.')

View source (opens new window)

# softDeleteDuration

Type
mixed
Default value
2592000 (30 days)
Since
3.1.0

The amount of time before a soft-deleted item will be up for hard-deletion by garbage collection.

Set to 0 if you don’t ever want to delete soft-deleted items.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

->softDeleteDuration(0)

View source (opens new window)

# storeUserIps

Type
boolean (opens new window)
Default value
false
Since
3.1.0

Whether user IP addresses should be stored/logged by the system.

->storeUserIps(true)

View source (opens new window)

# testToEmailAddress

Type
string (opens new window), array (opens new window), null (opens new window), false (opens new window)
Default value
null

Configures Craft to send all system emails to either a single email address or an array of email addresses for testing purposes.

By default, the recipient name(s) will be “Test Recipient”, but you can customize that by setting the value with the format ['me@domain.tld' => 'Name'].

->testToEmailAddress('me@domain.tld')

View source (opens new window)

# timezone

Type
string (opens new window), null (opens new window)
Default value
null

The timezone of the site. If set, it will take precedence over the Timezone setting in Settings → General.

This can be set to one of PHP’s supported timezones (opens new window).

->timezone('Europe/London')

View source (opens new window)

# tokenParam

Type
string (opens new window)
Default value
'token'

The query string parameter name that Craft tokens should be set to.

->tokenParam('t')

View source (opens new window)

# transformGifs

Type
boolean (opens new window)
Default value
true
Since
3.0.7

Whether GIF files should be cleansed/transformed.

->transformGifs(false)

View source (opens new window)

# transformSvgs

Type
boolean (opens new window)
Default value
true
Since
3.7.1

Whether SVG files should be transformed.

->transformSvgs(false)

View source (opens new window)

# translationDebugOutput

Type
boolean (opens new window)
Default value
false

Whether translated messages should be wrapped in special characters to help find any strings that are not being run through Craft::t() or the |translate filter.

->translationDebugOutput(true)

View source (opens new window)

# trustedHosts

Type
array (opens new window)
Default value
[ 'any', ]

The configuration for trusted security-related headers.

See yii\web\Request::$trustedHosts (opens new window) for more details.

By default, all hosts are trusted.

->trustedHosts(['trusted-one.foo', 'trusted-two.foo'])

View source (opens new window)

# upscaleImages

Type
boolean (opens new window)
Default value
true
Since
3.4.0

Whether image transforms should allow upscaling by default, for images that are smaller than the transform dimensions.

->upscaleImages(false)

View source (opens new window)

# useEmailAsUsername

Type
boolean (opens new window)
Default value
false

Whether Craft should set users’ usernames to their email addresses, rather than let them set their username separately.

If you enable this setting after user accounts already exist, run this terminal command to update existing usernames:

php craft utils/update-usernames

->useEmailAsUsername(true)

View source (opens new window)

# useFileLocks

Type
boolean (opens new window), null (opens new window)
Default value
null

Whether to grab an exclusive lock on a file when writing to it by using the LOCK_EX flag.

Some file systems, such as NFS, do not support exclusive file locking.

If null, Craft will try to detect if the underlying file system supports exclusive file locking and cache the results.

->useFileLocks(false)

See also https://php.net/manual/en/function.file-put-contents.php

View source (opens new window)

# useIframeResizer

Type
boolean (opens new window)
Default value
false
Since
3.5.5

Whether iFrame Resizer options (opens new window) should be used for Live Preview.

Using iFrame Resizer makes it possible for Craft to retain the preview’s scroll position between page loads, for cross-origin web pages.

It works by setting the height of the iframe to match the height of the inner web page, and the iframe’s container will be scrolled rather than the iframe document itself. This can lead to some unexpected CSS issues, however, because the previewed viewport height will be taller than the visible portion of the iframe.

If you have a decoupled front end (opens new window), you will need to include iframeResizer.contentWindow.min.js (opens new window) on your page as well for this to work. You can conditionally include it for only Live Preview requests by checking if the requested URL contains a x-craft-live-preview query string parameter.

TIP

You can customize the behavior of iFrame Resizer via the config4:previewIframeResizerOptions (opens new window) config setting.

->useIframeResizer(true)

View source (opens new window)

# usePathInfo

Type
boolean (opens new window)
Default value
false

Whether Craft should specify the path using PATH_INFO or as a query string parameter when generating URLs.

This setting only takes effect if config4:omitScriptNameInUrls (opens new window) is set to false.

->usePathInfo(true)

View source (opens new window)

# useSecureCookies

Type
boolean (opens new window), string (opens new window)
Default value
'auto'

Whether Craft will set the “secure” flag when saving cookies when using Craft::cookieConfig() to create a cookie.

Valid values are true, false, and 'auto'. Defaults to 'auto', which will set the secure flag if the page you’re currently accessing is over https://. true will always set the flag, regardless of protocol and false will never automatically set the flag.

->useSecureCookies(true)

View source (opens new window)

# useSslOnTokenizedUrls

Type
boolean (opens new window), string (opens new window)
Default value
'auto'

Determines what protocol/schema Craft will use when generating tokenized URLs. If set to 'auto', Craft will check the current site’s base URL and the protocol of the current request and if either of them are HTTPS will use https in the tokenized URL. If not, will use http.

If set to false, Craft will always use http. If set to true, then, Craft will always use https.

->useSslOnTokenizedUrls(true)

View source (opens new window)

# userSessionDuration

Type
mixed
Default value
3600 (1 hour)

The amount of time before a user will get logged out due to inactivity.

Set to 0 if you want users to stay logged in as long as their browser is open rather than a predetermined amount of time.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

// 3 hours
->userSessionDuration(10800)

View source (opens new window)

# verificationCodeDuration

Type
mixed
Default value
86400 (1 day)

The amount of time a user verification code can be used before expiring.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

// 1 hour
->verificationCodeDuration(3600)

View source (opens new window)

# verifyEmailPath

Type
mixed
Default value
'verifyemail'
Since
3.4.0

The URI or URL that Craft should use for email verification links on the front end.

This setting is ignored when config4:headlessMode (opens new window) is enabled, unless it’s set to an absolute URL.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

->verifyEmailPath('verify-email')

See also getVerifyEmailPath()

View source (opens new window)

# verifyEmailSuccessPath

Type
mixed
Default value
''
Since
3.1.20

The URI that users without access to the control panel should be redirected to after verifying a new email address.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

->verifyEmailSuccessPath('verified-email')

See also getVerifyEmailSuccessPath()

View source (opens new window)

# Protected Properties

Property Description
filename string (opens new window), null (opens new window) – The config filename
renamedSettings

# filename

Type
string (opens new window), null (opens new window)
Default value
\craft\services\Config::CATEGORY_GENERAL

The config filename

View source (opens new window)

# renamedSettings

Default value
[ 'activateAccountFailurePath' => 'invalidUserTokenPath', 'allowAutoUpdates' => 'allowUpdates', 'backupDbOnUpdate' => 'backupOnUpdate', 'defaultFilePermissions' => 'defaultFileMode', 'defaultFolderPermissions' => 'defaultDirMode', 'enableGraphQlCaching' => 'enableGraphqlCaching', 'environmentVariables' => 'aliases', 'isSystemOn' => 'isSystemLive', 'restoreDbOnUpdateFailure' => 'restoreOnUpdateFailure', 'useWriteFileLock' => 'useFileLocks', 'validationKey' => 'securityKey', ]

View source (opens new window)

# Public Methods

Method Description
__call() (opens new window) Calls the named method which is not a class method.
__clone()
__construct()
__get() Returns the value of a component property.
__isset() Checks if a property is set, i.e. defined and not null.
__set() Sets the value of a component property.
__unset() (opens new window) Sets a component property to be null.
accessibilityDefaults() The default user accessibility preferences that should be applied to users that haven’t saved their preferences yet.
actionTrigger() The URI segment Craft should look for when determining if the current request should be routed to a controller action.
activateAccountSuccessPath() The URI that users without access to the control panel should be redirected to after activating their account.
activeAttributes() (opens new window) Returns the attribute names that are subject to validation in the current scenario.
addError() (opens new window) Adds a new error to the specified attribute.
addErrors() (opens new window) Adds a list of errors.
addModelErrors() Adds errors from another model, with a given attribute name prefix.
addTrailingSlashesToUrls() Whether auto-generated URLs should have trailing slashes.
afterValidate() (opens new window) This method is invoked after validation ends.
aliases() Any custom Yii aliases (opens new window) that should be defined for every request.
allowAdminChanges() Whether admins should be allowed to make administrative changes to the system.
allowSimilarTags() Whether users should be allowed to create similarly-named tags.
allowUpdates() Whether Craft should allow system and plugin updates in the control panel, and plugin installation from the Plugin Store.
allowUppercaseInSlug() Whether uppercase letters should be allowed in slugs.
allowedFileExtensions() The file extensions Craft should allow when a user is uploading files.
allowedGraphqlOrigins() The Ajax origins that should be allowed to access the GraphQL API, if enabled.
attachBehavior() (opens new window) Attaches a behavior to this component.
attachBehaviors() (opens new window) Attaches a list of behaviors to the component.
attributeHints() (opens new window) Returns the attribute hints.
attributeLabels() (opens new window) Returns the attribute labels.
attributes() (opens new window) Returns the list of attribute names.
autoLoginAfterAccountActivation() Whether users should automatically be logged in after activating their account or resetting their password.
backupCommand() The shell command that Craft should execute to create a database backup.
backupOnUpdate() Whether Craft should create a database backup before applying a new system update.
baseCpUrl() The base URL Craft should use when generating control panel URLs.
beforeValidate() (opens new window) This method is invoked before validation starts.
behaviors() Returns a list of behaviors that this component should behave as.
blowfishHashCost() The higher the cost value, the longer it takes to generate a password hash and to verify against it.
brokenImagePath() The server path to an image file that should be sent when responding to an image request with a 404 status code.
buildId() A unique ID representing the current build of the codebase.
cacheDuration() The default length of time Craft will store data, RSS feed, and template caches.
canGetProperty() (opens new window) Returns a value indicating whether a property can be read.
canSetProperty() (opens new window) Returns a value indicating whether a property can be set.
className() (opens new window) Returns the fully qualified name of this class.
clearErrors() (opens new window) Removes errors for all attributes or a single attribute.
convertFilenamesToAscii() Whether uploaded filenames with non-ASCII characters should be converted to ASCII (i.e. ñn).
cooldownDuration() The amount of time a user must wait before re-attempting to log in after their account is locked due to too many failed login attempts.
cpHeadTags() List of additional HTML tags that should be included in the <head> of control panel pages.
cpTrigger() The URI segment Craft should look for when determining if the current request should route to the control panel rather than the front-end website.
create() Factory method for creating new config objects.
createValidators() (opens new window) Creates validator objects based on the validation rules specified in rules() (opens new window).
csrfTokenName() The name of CSRF token used for CSRF validation if config4:enableCsrfProtection (opens new window) is set to true.
datetimeAttributes() Returns the names of any attributes that should hold DateTime (opens new window) values.
defaultCookieDomain() The domain that cookies generated by Craft should be created for. If blank, it will be left up to the browser to determine which domain to use (almost always the current). If you want the cookies to work for all subdomains, for example, you could set this to '.my-project.tld'.
defaultCountryCode() The two-letter country code that addresses will be set to by default.
defaultCpLanguage() The default language the control panel should use for users who haven’t set a preferred language yet.
defaultCpLocale() The default locale the control panel should use for date/number formatting, for users who haven’t set a preferred language or formatting locale.
defaultDirMode() The default permission to be set for newly-generated directories.
defaultFileMode() The default permission to be set for newly-generated files.
defaultImageQuality() The quality level Craft will use when saving JPG and PNG files. Ranges from 1 (worst quality, smallest file) to 100 (best quality, biggest file).
defaultSearchTermOptions() The default options that should be applied to each search term.
defaultTemplateExtensions() The template file extensions Craft will look for when matching a template path to a file on the front end.
defaultTokenDuration() The default amount of time tokens can be used before expiring.
defaultWeekStartDay() The default day new users should have set as their Week Start Day.
deferPublicRegistrationPassword() By default, Craft requires a front-end “password” field for public user registrations. Setting this to true removes that requirement for the initial registration form.
detachBehavior() (opens new window) Detaches a behavior from the component.
detachBehaviors() (opens new window) Detaches all behaviors from the component.
devMode() Whether the system should run in Dev Mode (opens new window).
disableGraphqlTransformDirective() Whether the transform directive should be disabled for the GraphQL API.
disabledPlugins() Array of plugin handles that should be disabled, regardless of what the project config says.
disallowRobots() Whether front end requests should respond with X-Robots-Tag: none HTTP headers, indicating that pages should not be indexed, and links on the page should not be followed, by web crawlers.
elevatedSessionDuration() The amount of time a user’s elevated session will last, which is required for some sensitive actions (e.g. user group/permission assignment).
enableBasicHttpAuth() Whether front-end web requests should support basic HTTP authentication.
enableCsrfCookie() Whether to use a cookie to persist the CSRF token if config4:enableCsrfProtection (opens new window) is enabled. If false, the CSRF token will be stored in session under the csrfTokenName config setting name. Note that while storing CSRF tokens in session increases security, it requires starting a session for every page that a CSRF token is needed, which may degrade site performance.
enableCsrfProtection() Whether to enable CSRF protection via hidden form inputs for all forms submitted via Craft.
enableGql() Whether the GraphQL API should be enabled.
enableGraphqlCaching() Whether Craft should cache GraphQL queries.
enableGraphqlIntrospection() Whether GraphQL introspection queries are allowed. Defaults to true and is always allowed in the control panel.
enableTemplateCaching() Whether to enable Craft’s template {% cache %} tag on a global basis.
ensureBehaviors() (opens new window) Makes sure that the behaviors declared in behaviors() (opens new window) are attached to this component.
errorTemplatePrefix() The prefix that should be prepended to HTTP error status codes when determining the path to look for an error’s template.
extraAllowedFileExtensions() List of file extensions that will be merged into the config4:allowedFileExtensions (opens new window) config setting.
extraAppLocales() List of extra locale IDs that the application should support, and users should be able to select as their Preferred Language.
extraFields() (opens new window) Returns the list of fields that can be expanded further and returned by toArray() (opens new window).
extraFileKinds() List of additional file kinds Craft should support. This array will get merged with the one defined in \craft\helpers\Assets::_buildFileKinds().
extraLastNamePrefixes() Any additional last name prefixes that should be supported by the name parser.
extraNameSalutations() Any additional name salutations that should be supported by the name parser.
extraNameSuffixes() Any additional name suffixes that should be supported by the name parser.
fields() (opens new window) Returns the list of fields that should be returned by default by toArray() (opens new window) when no specific fields are specified.
filenameWordSeparator() The string to use to separate words when uploading assets. If set to false, spaces will be left alone.
formName() (opens new window) Returns the form name that this model class should use.
generateAttributeLabel() (opens new window) Generates a user friendly attribute label based on the give attribute name.
generateTransformsBeforePageLoad() Whether image transforms should be generated before page load.
getActivateAccountSuccessPath() Returns the localized Activate Account Success Path value.
getActiveValidators() (opens new window) Returns the validators applicable to the current scenario (opens new window).
getAttributeHint() (opens new window) Returns the text hint for the specified attribute.
getAttributeLabel() (opens new window) Returns the text label for the specified attribute.
getAttributes() (opens new window) Returns attribute values.
getBackupOnUpdate() Returns whether the DB should be backed up before running new migrations.
getBehavior() (opens new window) Returns the named behavior object.
getBehaviors() (opens new window) Returns all behaviors attached to this component.
getErrorSummary() (opens new window) Returns the errors for all attributes as a one-dimensional array.
getErrors() (opens new window) Returns the errors for all attributes or a single attribute.
getFirstError() (opens new window) Returns the first error of the specified attribute.
getFirstErrors() (opens new window) Returns the first error of every attribute in the model.
getInvalidUserTokenPath() Returns the localized Invalid User Token Path value.
getIterator() (opens new window) Returns an iterator for traversing the attributes in the model.
getLoginPath() Returns the localized Login Path value.
getLogoutPath() Returns the localized Logout Path value.
getPageTrigger() Returns the normalized page trigger.
getPostCpLoginRedirect() Returns the localized Post-Login Redirect path for the control panel.
getPostLoginRedirect() Returns the localized Post-Login Redirect path.
getPostLogoutRedirect() Returns the localized Post-Logout Redirect path.
getRememberedUserSessionDuration() Returns the remembered user session duration as a DateInterval (opens new window) object, if it’s set.
getScenario() (opens new window) Returns the scenario that this model is used in.
getSetPasswordPath() Returns the localized Set Password Path value.
getSetPasswordRequestPath() Returns the localized Set Password Request Path value.
getSetPasswordSuccessPath() Returns the localized Set Password Success Path value.
getTestToEmailAddress() Returns the normalized test email addresses.
getValidators() (opens new window) Returns all the validators declared in rules() (opens new window).
getVerifyEmailPath() Returns the localized Verify Email Path value.
getVerifyEmailSuccessPath() Returns the localized Verify Email Success Path value.
gqlTypePrefix() Prefix to use for all type names returned by GraphQL.
handleCasing() The casing to use for autogenerated component handles.
hasErrors() Returns a value indicating whether there is any validation error.
hasEventHandlers() (opens new window) Returns a value indicating whether there is any handler attached to the named event.
hasMethod() (opens new window) Returns a value indicating whether a method is defined.
hasProperty() (opens new window) Returns a value indicating whether a property is defined for this component.
headlessMode() Whether the system should run in Headless Mode, which optimizes the system and control panel for headless CMS implementations.
httpProxy() The proxy server that should be used for outgoing HTTP requests.
imageDriver() The image driver Craft should use to cleanse and transform images. By default Craft will use ImageMagick if it’s installed and otherwise fall back to GD. You can explicitly set either 'imagick' or 'gd' here to override that behavior.
imageEditorRatios() An array containing the selectable image aspect ratios for the image editor. The array must be in the format of label => ratio, where ratio must be a float or a string. For string values, only values of “none” and “original” are allowed.
indexTemplateFilenames() The template filenames Craft will look for within a directory to represent the directory’s “index” template when matching a template path to a file on the front end.
init() Initializes the object.
instance() (opens new window) Returns static class instance, which can be used to obtain meta information.
invalidLoginWindowDuration() The amount of time to track invalid login attempts for a user, for determining if Craft should lock an account.
invalidUserTokenPath() The URI Craft should redirect to when user token validation fails. A token is used on things like setting and resetting user account passwords. Note that this only affects front-end site requests.
ipHeaders() List of headers where proxies store the real client IP.
isAttributeActive() (opens new window) Returns a value indicating whether the attribute is active in the current scenario.
isAttributeRequired() (opens new window) Returns a value indicating whether the attribute is required.
isAttributeSafe() (opens new window) Returns a value indicating whether the attribute is safe for massive assignments.
isSystemLive() Whether the site is currently live. If set to true or false, it will take precedence over the System Status setting in Settings → General.
limitAutoSlugsToAscii() Whether non-ASCII characters in auto-generated slugs should be converted to ASCII (i.e. ñ → n).
load() (opens new window) Populates the model with input data.
loadMultiple() (opens new window) Populates a set of models with the data from end user.
loginPath() The URI Craft should use for user login on the front end.
logoutPath() The URI Craft should use for user logout on the front end.
maxBackups() The number of backups Craft should make before it starts deleting the oldest backups. If set to false, Craft will not delete any backups.
maxCachedCloudImageSize() The maximum dimension size to use when caching images from external sources to use in transforms. Set to 0 to never cache them.
maxGraphqlBatchSize() The maximum allowed GraphQL queries that can be executed in a single batched request. Set to 0 to allow any number of queries.
maxGraphqlComplexity() The maximum allowed complexity a GraphQL query is allowed to have. Set to 0 to allow any complexity.
maxGraphqlDepth() The maximum allowed depth a GraphQL query is allowed to reach. Set to 0 to allow any depth.
maxGraphqlResults() The maximum allowed results for a single GraphQL query. Set to 0 to disable any limits.
maxInvalidLogins() The number of invalid login attempts Craft will allow within the specified duration before the account gets locked.
maxRevisions() The maximum number of revisions that should be stored for each element.
maxSlugIncrement() The highest number Craft will tack onto a slug in order to make it unique before giving up and throwing an error.
maxUploadFileSize() The maximum upload file size allowed.
off() (opens new window) Detaches an existing event handler from this component.
offsetExists() (opens new window) Returns whether there is an element at the specified offset.
offsetGet() (opens new window) Returns the element at the specified offset.
offsetSet() (opens new window) Sets the element at the specified offset.
offsetUnset() (opens new window) Sets the element value at the specified offset to null.
omitScriptNameInUrls() Whether generated URLs should omit index.php (e.g. http://my-project.tld/path instead of http://my-project.tld/index.php/path)
on() (opens new window) Attaches an event handler to an event.
onUnsafeAttribute() (opens new window) This method is invoked when an unsafe attribute is being massively assigned.
optimizeImageFilesize() Whether Craft should optimize images for reduced file sizes without noticeably reducing image quality. (Only supported when ImageMagick is used.)
pageTrigger() The string preceding a number which Craft will look for when determining if the current request is for a particular page in a paginated list of pages.
pathParam() The query string param that Craft will check when determining the request’s path.
permissionsPolicyHeader() The Permissions-Policy header that should be sent for web responses.
phpMaxMemoryLimit() The maximum amount of memory Craft will try to reserve during memory-intensive operations such as zipping, unzipping and updating. Defaults to an empty string, which means it will use as much memory as it can.
phpSessionName() The name of the PHP session cookie.
postCpLoginRedirect() The path users should be redirected to after logging into the control panel.
postLoginRedirect() The path users should be redirected to after logging in from the front-end site.
postLogoutRedirect() The path that users should be redirected to after logging out from the front-end site.
prefixGqlRootTypes() Whether the config4:gqlTypePrefix (opens new window) config setting should have an impact on query, mutation, and subscription types.
preloadSingles() Whether Single section entries should be preloaded for Twig templates.
preserveCmykColorspace() Whether CMYK should be preserved as the colorspace when manipulating images.
preserveExifData() Whether the EXIF data should be preserved when manipulating and uploading images.
preserveImageColorProfiles() Whether the embedded Image Color Profile (ICC) should be preserved when manipulating images.
preventUserEnumeration() When true, Craft will always return a successful response in the “forgot password” flow, making it difficult to enumerate users.
previewIframeResizerOptions() Custom iFrame Resizer options (opens new window) that should be used for preview iframes.
previewTokenDuration() The amount of time content preview tokens can be used before expiring.
privateTemplateTrigger() The template path segment prefix that should be used to identify “private” templates, which are templates that are not directly accessible via a matching URL.
purgePendingUsersDuration() The amount of time to wait before Craft purges pending users from the system that have not activated.
purgeStaleUserSessionDuration() The amount of time to wait before Craft purges stale user sessions from the sessions table in the database.
purgeUnsavedDraftsDuration() The amount of time to wait before Craft purges unpublished drafts that were never updated with content.
rasterizeSvgThumbs() Whether SVG thumbnails should be rasterized.
rememberUsernameDuration() The amount of time Craft will remember a username and pre-populate it on the control panel’s Login page.
rememberedUserSessionDuration() The amount of time a user stays logged if “Remember Me” is checked on the login page.
requireMatchingUserAgentForSession() Whether Craft should require a matching user agent string when restoring a user session from a cookie.
requireUserAgentAndIpForSession() Whether Craft should require the existence of a user agent string and IP address when creating a new user session.
resourceBasePath() The path to the root directory that should store published control panel resources.
resourceBaseUrl() The URL to the root directory that should store published control panel resources.
restoreCommand() The shell command Craft should execute to restore a database backup.
revAssetUrls() Whether asset URLs should be revved so browsers don’t load cached versions when they’re modified.
rotateImagesOnUploadByExifData() Whether Craft should rotate images according to their EXIF data on upload.
rules() Returns the validation rules for attributes.
runQueueAutomatically() Whether Craft should run pending queue jobs automatically when someone visits the control panel.
safeAttributes() (opens new window) Returns the attribute names that are safe to be massively assigned in the current scenario.
sameSiteCookieValue() The SameSite (opens new window) value that should be set on Craft cookies, if any.
sanitizeCpImageUploads() Whether images uploaded via the control panel should be sanitized.
sanitizeSvgUploads() Whether Craft should sanitize uploaded SVG files and strip out potential malicious-looking content.
scenarios() (opens new window) Returns a list of scenarios and the corresponding active attributes.
secureHeaders() Lists of headers that are, by default, subject to the trusted host configuration.
secureProtocolHeaders() List of headers to check for determining whether the connection is made via HTTPS.
securityKey() A private, random, cryptographically-secure key that is used for hashing and encrypting data in craft\services\Security.
sendContentLengthHeader() Whether a Content-Length header should be sent with responses.
sendPoweredByHeader() Whether an X-Powered-By: Craft CMS header should be sent, helping services like BuiltWith (opens new window) and Wappalyzer (opens new window) identify that the site is running on Craft.
setAttributes() Sets the attribute values in a massive way.
setGraphqlDatesToSystemTimeZone() Whether dates returned by the GraphQL API should be set to the system time zone by default, rather than UTC.
setPasswordPath() The URI or URL that Craft should use for Set Password forms on the front end.
setPasswordRequestPath() The URI to the page where users can request to change their password.
setPasswordSuccessPath() The URI Craft should redirect users to after setting their password from the front end.
setScenario() (opens new window) Sets the scenario for the model.
siteToken() The query string parameter name that site tokens should be set to.
slugWordSeparator() The character(s) that should be used to separate words in slugs.
softDeleteDuration() The amount of time before a soft-deleted item will be up for hard-deletion by garbage collection.
storeUserIps() Whether user IP addresses should be stored/logged by the system.
testToEmailAddress() Configures Craft to send all system emails to either a single email address or an array of email addresses for testing purposes.
timezone() The timezone of the site. If set, it will take precedence over the Timezone setting in Settings → General.
toArray() (opens new window) Converts the model into an array.
tokenParam() The query string parameter name that Craft tokens should be set to.
transformGifs() Whether GIF files should be cleansed/transformed.
transformSvgs() Whether SVG files should be transformed.
translationDebugOutput() Whether translated messages should be wrapped in special characters to help find any strings that are not being run through Craft::t() or the |translate filter.
trigger() (opens new window) Triggers an event.
trustedHosts() The configuration for trusted security-related headers.
upscaleImages() Whether image transforms should allow upscaling by default, for images that are smaller than the transform dimensions.
useEmailAsUsername() Whether Craft should set users’ usernames to their email addresses, rather than let them set their username separately.
useFileLocks() Whether to grab an exclusive lock on a file when writing to it by using the LOCK_EX flag.
useIframeResizer() Whether iFrame Resizer options (opens new window) should be used for Live Preview.
usePathInfo() Whether Craft should specify the path using PATH_INFO or as a query string parameter when generating URLs.
useSecureCookies() Whether Craft will set the “secure” flag when saving cookies when using Craft::cookieConfig() to create a cookie.
useSslOnTokenizedUrls() Determines what protocol/schema Craft will use when generating tokenized URLs. If set to 'auto', Craft will check the current site’s base URL and the protocol of the current request and if either of them are HTTPS will use https in the tokenized URL. If not, will use http.
userSessionDuration() The amount of time before a user will get logged out due to inactivity.
validate() (opens new window) Performs the data validation.
validateMultiple() (opens new window) Validates multiple models.
verificationCodeDuration() The amount of time a user verification code can be used before expiring.
verifyEmailPath() The URI or URL that Craft should use for email verification links on the front end.
verifyEmailSuccessPath() The URI that users without access to the control panel should be redirected to after verifying a new email address.

# __set()

Sets the value of a component property.

This method will check in the following order and act accordingly:

  • a property defined by a setter: set the property value
  • an event in the format of "on xyz": attach the handler to the event "xyz"
  • a behavior in the format of "as xyz": attach the behavior named as "xyz"
  • a property of a behavior: set the behavior property value

Do not call this method directly as it is a PHP magic method that will be implicitly called when executing $component->property = $value;.

View source (opens new window)

Arguments

Throws

# accessibilityDefaults()

Since
4.2.0

The default user accessibility preferences that should be applied to users that haven’t saved their preferences yet.

The array can contain the following keys:

  • alwaysShowFocusRings - Whether focus rings should always be shown when an element has focus.
  • useShapes – Whether shapes should be used to represent statuses.
  • underlineLinks – Whether links should be underlined.
  • notificationDuration – How long notifications should be shown before they disappear automatically (in milliseconds). Set to 0 to show them indefinitely.
->accessibilityDefaults([
    'useShapes' => true,
])

View source (opens new window)

Arguments

Returns

self

# actionTrigger()

Since
4.2.0

The URI segment Craft should look for when determining if the current request should be routed to a controller action.

->actionTrigger('do-it')

View source (opens new window)

Arguments

Returns

self

# activateAccountSuccessPath()

Since
4.2.0

The URI that users without access to the control panel should be redirected to after activating their account.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

->activateAccountSuccessPath('welcome')

See also getActivateAccountSuccessPath() View source (opens new window)

Arguments

  • $value (mixed)

Returns

self

# addTrailingSlashesToUrls()

Since
4.2.0

Whether auto-generated URLs should have trailing slashes.

->addTrailingSlashesToUrls(true)

View source (opens new window)

Arguments

Returns

self

# aliases()

Since
4.2.0

Any custom Yii aliases (opens new window) that should be defined for every request.

->aliases([
    '@webroot' => '/var/www/',
])

View source (opens new window)

Arguments

Returns

self

# allowAdminChanges()

Since
4.2.0

Whether admins should be allowed to make administrative changes to the system.

When this is disabled, the Settings section will be hidden, the Craft edition and Craft/plugin versions will be locked, and the project config and Plugin Store will become read-only—though Craft and plugin licenses may still be purchased.

It’s best to disable this in production environments with a deployment workflow that runs composer install and propagates project config updates on deploy.

WARNING

Don’t disable this setting until all environments have been updated to Craft 3.1.0 or later.

->allowAdminChanges(false)

View source (opens new window)

Arguments

Returns

self

# allowSimilarTags()

Since
4.2.0

Whether users should be allowed to create similarly-named tags.

->allowSimilarTags(true)

View source (opens new window)

Arguments

Returns

self

# allowUpdates()

Since
4.2.0

Whether Craft should allow system and plugin updates in the control panel, and plugin installation from the Plugin Store.

This setting will automatically be disabled if config4:allowAdminChanges (opens new window) is disabled.

->allowUpdates(false)

View source (opens new window)

Arguments

Returns

self

# allowUppercaseInSlug()

Since
4.2.0

Whether uppercase letters should be allowed in slugs.

->allowUppercaseInSlug(true)

View source (opens new window)

Arguments

Returns

self

# allowedFileExtensions()

Since
4.2.0

The file extensions Craft should allow when a user is uploading files.

// Nothing bug GIFs!
->allowedFileExtensions([
    'gif',
])

View source (opens new window)

Arguments

Returns

self

# allowedGraphqlOrigins()

Since
4.2.0

The Ajax origins that should be allowed to access the GraphQL API, if enabled.

If this is set to an array, then graphql/api requests will only include the current request’s origin (opens new window) in the Access-Control-Allow-Origin response header if it’s listed here.

If this is set to false, then the Access-Control-Allow-Origin response header will never be sent.

->allowedGraphqlOrigins(false)

View source (opens new window)

Arguments

Returns

self

# autoLoginAfterAccountActivation()

Since
4.2.0

Whether users should automatically be logged in after activating their account or resetting their password.

->autoLoginAfterAccountActivation(true)

View source (opens new window)

Arguments

Returns

self

# backupCommand()

Since
4.2.0

The shell command that Craft should execute to create a database backup.

When set to null (default), Craft will run mysqldump or pg_dump, provided that those libraries are in the $PATH variable for the system user running the web server.

You may provide your own command, which can include several tokens Craft will substitute at runtime:

  • {file} - the target backup file path
  • {port} - the current database port
  • {server} - the current database hostname
  • {user} - user that was used to connect to the database
  • {password} - password for the specified {user}
  • {database} - the current database name
  • {schema} - the current database schema (if any)

This can also be set to false to disable database backups completely.

->backupCommand(false)

View source (opens new window)

Arguments

Returns

self

# backupOnUpdate()

Since
4.2.0

Whether Craft should create a database backup before applying a new system update.

->backupOnUpdate(false)

View source (opens new window)

Arguments

Returns

self

# baseCpUrl()

Since
4.2.0

The base URL Craft should use when generating control panel URLs.

It will be determined automatically if left blank.

TIP

The base control panel URL should not include the control panel trigger word (opens new window) (e.g. /admin).

->baseCpUrl('https://cms.my-project.tld/')

View source (opens new window)

Arguments

Returns

self

# blowfishHashCost()

Since
4.2.0

The higher the cost value, the longer it takes to generate a password hash and to verify against it.

Therefore, higher cost slows down a brute-force attack.

For best protection against brute force attacks, set it to the highest value that is tolerable on production servers.

The time taken to compute the hash doubles for every increment by one for this value.

For example, if the hash takes 1 second to compute when the value is 14 then the compute time varies as 2^(value - 14) seconds.

->blowfishHashCost(15)

View source (opens new window)

Arguments

Returns

self

# brokenImagePath()

Since
4.2.0

The server path to an image file that should be sent when responding to an image request with a 404 status code.

This can be set to an aliased path such as @webroot/assets/404.svg.

->brokenImagePath('@webroot/assets/404.svg')

View source (opens new window)

Arguments

Returns

self

# buildId()

Since
4.2.0

A unique ID representing the current build of the codebase.

This should be set to something unique to the deployment, e.g. a Git SHA or a deployment timestamp.

->buildId(\craft\helpers\App::env('GIT_SHA'))

View source (opens new window)

Arguments

Returns

self

# cacheDuration()

Since
4.2.0

The default length of time Craft will store data, RSS feed, and template caches.

If set to 0, data and RSS feed caches will be stored indefinitely; template caches will be stored for one year.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

->cacheDuration(0)

View source (opens new window)

Arguments

  • $value (mixed)

Returns

self

# convertFilenamesToAscii()

Since
4.2.0

Whether uploaded filenames with non-ASCII characters should be converted to ASCII (i.e. ñn).

TIP

You can run php craft utils/ascii-filenames in your terminal to apply ASCII filenames to all existing assets.

->convertFilenamesToAscii(false)

View source (opens new window)

Arguments

Returns

self

# cooldownDuration()

Since
4.2.0

The amount of time a user must wait before re-attempting to log in after their account is locked due to too many failed login attempts.

Set to 0 to keep the account locked indefinitely, requiring an admin to manually unlock the account.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

->cooldownDuration(0)

View source (opens new window)

Arguments

  • $value (mixed)

Returns

self

# cpHeadTags()

Since
4.2.0

List of additional HTML tags that should be included in the <head> of control panel pages.

Each tag can be specified as an array of the tag name and its attributes.

For example, you can give the control panel a custom favicon (etc.) like this:

->cpHeadTags([
    // Traditional favicon
    ['link', ['rel' => 'icon', 'href' => '/icons/favicon.ico']],
    // Scalable favicon for browsers that support them
    ['link', ['rel' => 'icon', 'type' => 'image/svg+xml', 'sizes' => 'any', 'href' => '/icons/favicon.svg']],
    // Touch icon for mobile devices
    ['link', ['rel' => 'apple-touch-icon', 'sizes' => '180x180', 'href' => '/icons/touch-icon.svg']],
    // Pinned tab icon for Safari
    ['link', ['rel' => 'mask-icon', 'href' => '/icons/mask-icon.svg', 'color' => '#663399']],
])

View source (opens new window)

Arguments

Returns

self

# cpTrigger()

Since
4.2.0

The URI segment Craft should look for when determining if the current request should route to the control panel rather than the front-end website.

This can be set to null if you have a dedicated hostname for the control panel (e.g. cms.my-project.tld), or you are running Craft in Headless Mode (opens new window). If you do that, you will need to ensure that the control panel is being served from its own web root directory on your server, with an index.php file that defines the CRAFT_CP PHP constant.

define('CRAFT_CP', true);

Alternatively, you can set the config4:baseCpUrl (opens new window) config setting, but then you will run the risk of losing access to portions of your control panel due to URI conflicts with actual folders/files in your main web root.

(For example, if you have an assets/ folder, that would conflict with the /assets page in the control panel.)

->cpTrigger(null)

View source (opens new window)

Arguments

Returns

self

# csrfTokenName()

Since
4.2.0

The name of CSRF token used for CSRF validation if config4:enableCsrfProtection (opens new window) is set to true.

->csrfTokenName('MY_CSRF')

See also enableCsrfProtection() View source (opens new window)

Arguments

Returns

self

# defaultCookieDomain()

Since
4.2.0

The domain that cookies generated by Craft should be created for. If blank, it will be left up to the browser to determine which domain to use (almost always the current). If you want the cookies to work for all subdomains, for example, you could set this to '.my-project.tld'.

->defaultCookieDomain('.my-project.tld')

View source (opens new window)

Arguments

Returns

self

# defaultCountryCode()

Since
4.5.0

The two-letter country code that addresses will be set to by default.

See https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 (opens new window) for a list of acceptable country codes.

->defaultCountryCode('GB')

View source (opens new window)

Arguments

Returns

self

# defaultCpLanguage()

Since
4.2.0

The default language the control panel should use for users who haven’t set a preferred language yet.

->defaultCpLanguage('en-US')

View source (opens new window)

Arguments

Returns

self

Throws

# defaultCpLocale()

Since
4.2.0

The default locale the control panel should use for date/number formatting, for users who haven’t set a preferred language or formatting locale.

If this is null, the config4:defaultCpLanguage (opens new window) config setting will determine which locale is used for date/number formatting by default.

->defaultCpLocale('en-US')

View source (opens new window)

Arguments

Returns

self

# defaultDirMode()

Since
4.2.0

The default permission to be set for newly-generated directories.

If set to null, the permission will be determined by the current environment.

->defaultDirMode(0744)

View source (opens new window)

Arguments

  • $value (mixed)

Returns

self

# defaultFileMode()

Since
4.2.0

The default permission to be set for newly-generated files.

If set to null, the permission will be determined by the current environment.

->defaultFileMode(0744)

View source (opens new window)

Arguments

Returns

self

# defaultImageQuality()

Since
4.2.0

The quality level Craft will use when saving JPG and PNG files. Ranges from 1 (worst quality, smallest file) to 100 (best quality, biggest file).

->defaultImageQuality(90)

View source (opens new window)

Arguments

Returns

self

# defaultSearchTermOptions()

Since
4.2.0

The default options that should be applied to each search term.

Options include:

  • subLeft – Whether to include keywords that contain the term, with additional characters before it. (false by default)
  • subRight – Whether to include keywords that contain the term, with additional characters after it. (true by default)
  • exclude – Whether search results should exclude records with this term. (false by default)
  • exact – Whether the term must be an exact match (only applies if the search term specifies an attribute). (false by default)
->defaultSearchTermOptions([
    'subLeft' => true,
    'exclude' => 'secret',
])

View source (opens new window)

Arguments

Returns

self

# defaultTemplateExtensions()

Since
4.2.0

The template file extensions Craft will look for when matching a template path to a file on the front end.

->defaultTemplateExtensions(['html', 'twig', 'txt'])

View source (opens new window)

Arguments

Returns

self

# defaultTokenDuration()

Since
4.2.0

The default amount of time tokens can be used before expiring.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

// One week
->defaultTokenDuration(604800)

View source (opens new window)

Arguments

  • $value (mixed)

Returns

self

# defaultWeekStartDay()

Since
4.2.0

The default day new users should have set as their Week Start Day.

This should be set to one of the following integers:

  • 0 – Sunday
  • 1 – Monday
  • 2 – Tuesday
  • 3 – Wednesday
  • 4 – Thursday
  • 5 – Friday
  • 6 – Saturday
->defaultWeekStartDay(0)

View source (opens new window)

Arguments

Returns

self

# deferPublicRegistrationPassword()

Since
4.2.0

By default, Craft requires a front-end “password” field for public user registrations. Setting this to true removes that requirement for the initial registration form.

If you have email verification enabled, new users will set their password once they’ve followed the verification link in the email. If you don’t, the only way they can set their password is to go through your “forgot password” workflow.

->deferPublicRegistrationPassword(true)

View source (opens new window)

Arguments

Returns

self

# devMode()

Since
4.2.0

Whether the system should run in Dev Mode (opens new window).

->devMode(true)

View source (opens new window)

Arguments

Returns

self

# disableGraphqlTransformDirective()

Since
4.2.0

Whether the transform directive should be disabled for the GraphQL API.

->disableGraphqlTransformDirective(true)

View source (opens new window)

Arguments

Returns

self

# disabledPlugins()

Since
4.2.0

Array of plugin handles that should be disabled, regardless of what the project config says.

->disabledPlugins([
    'webhooks',
])

This can also be set to '*' to disable all plugins.

->dev([
    'disabledPlugins' => '*',
],

WARNING

This should not be set on a per-environment basis, as it could result in plugin schema version mismatches between environments, which will prevent project config changes from getting applied.

->disabledPlugins(['redactor', 'webhooks'])

View source (opens new window)

Arguments

Returns

self

# disallowRobots()

Since
4.2.0

Whether front end requests should respond with X-Robots-Tag: none HTTP headers, indicating that pages should not be indexed, and links on the page should not be followed, by web crawlers.

TIP

This should be set to true for development and staging environments.

->disallowRobots(true)

View source (opens new window)

Arguments

Returns

self

# elevatedSessionDuration()

Since
4.2.0

The amount of time a user’s elevated session will last, which is required for some sensitive actions (e.g. user group/permission assignment).

Set to 0 to disable elevated session support.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

->elevatedSessionDuration(0)

View source (opens new window)

Arguments

  • $value (mixed)

Returns

self

# enableBasicHttpAuth()

Since
4.2.0

Whether front-end web requests should support basic HTTP authentication.

->enableBasicHttpAuth(true)

View source (opens new window)

Arguments

Returns

self

# enableCsrfCookie()

Since
4.2.0

Whether to use a cookie to persist the CSRF token if config4:enableCsrfProtection (opens new window) is enabled. If false, the CSRF token will be stored in session under the csrfTokenName config setting name. Note that while storing CSRF tokens in session increases security, it requires starting a session for every page that a CSRF token is needed, which may degrade site performance.

->enableCsrfCookie(false)

View source (opens new window)

Arguments

Returns

self

# enableCsrfProtection()

Since
4.2.0

Whether to enable CSRF protection via hidden form inputs for all forms submitted via Craft.

->enableCsrfProtection(false)

View source (opens new window)

Arguments

Returns

self

# enableGql()

Since
4.2.0

Whether the GraphQL API should be enabled.

The GraphQL API is only available for Craft Pro.

->enableGql(false)

View source (opens new window)

Arguments

Returns

self

# enableGraphqlCaching()

Since
4.2.0

Whether Craft should cache GraphQL queries.

If set to true, Craft will cache the results for unique GraphQL queries per access token. The cache is automatically invalidated any time an element is saved, the site structure is updated, or a GraphQL schema is saved.

This setting will have no effect if a plugin is using the craft\services\Gql::EVENT_BEFORE_EXECUTE_GQL_QUERY event to provide its own caching logic and setting the result property.

->enableGraphqlCaching(false)

View source (opens new window)

Arguments

Returns

self

# enableGraphqlIntrospection()

Since
4.2.0

Whether GraphQL introspection queries are allowed. Defaults to true and is always allowed in the control panel.

->enableGraphqlIntrospection(false)

View source (opens new window)

Arguments

Returns

self

# enableTemplateCaching()

Since
4.2.0

Whether to enable Craft’s template {% cache %} tag on a global basis.

->enableTemplateCaching(false)

See also https://craftcms.com/docs/templating/cache View source (opens new window)

Arguments

Returns

self

# errorTemplatePrefix()

Since
4.2.0

The prefix that should be prepended to HTTP error status codes when determining the path to look for an error’s template.

If set to '_' your site’s 404 template would live at templates/_404.twig, for example.

->errorTemplatePrefix('_')

View source (opens new window)

Arguments

Returns

self

# extraAllowedFileExtensions()

Since
4.2.0

List of file extensions that will be merged into the config4:allowedFileExtensions (opens new window) config setting.

->extraAllowedFileExtensions(['mbox', 'xml'])

View source (opens new window)

Arguments

Returns

self

# extraAppLocales()

Since
4.2.0

List of extra locale IDs that the application should support, and users should be able to select as their Preferred Language.

->extraAppLocales(['uk'])

View source (opens new window)

Arguments

Returns

self

Throws

# extraFileKinds()

Since
4.2.0

List of additional file kinds Craft should support. This array will get merged with the one defined in \craft\helpers\Assets::_buildFileKinds().

->extraFileKinds([
    // merge .psb into list of Photoshop file kinds
    'photoshop' => [
        'extensions' => ['psb'],
    ],
    // register new "Stylesheet" file kind
    'stylesheet' => [
        'label' => 'Stylesheet',
        'extensions' => ['css', 'less', 'pcss', 'sass', 'scss', 'styl'],
    ],
])

TIP

File extensions listed here won’t immediately be allowed to be uploaded. You will also need to list them with the config4:extraAllowedFileExtensions (opens new window) config setting.

View source (opens new window)

Arguments

Returns

self

# extraLastNamePrefixes()

Since
4.3.0

Any additional last name prefixes that should be supported by the name parser.

->extraLastNamePrefixes(['Dal', 'Van Der'])

View source (opens new window)

Arguments

Returns

self

# extraNameSalutations()

Since
4.3.0

Any additional name salutations that should be supported by the name parser.

->extraNameSalutations(['Lady', 'Sire'])

View source (opens new window)

Arguments

Returns

self

# extraNameSuffixes()

Since
4.3.0

Any additional name suffixes that should be supported by the name parser.

->extraNameSuffixes(['CCNA', 'OBE'])

View source (opens new window)

Arguments

Returns

self

# filenameWordSeparator()

Since
4.2.0

The string to use to separate words when uploading assets. If set to false, spaces will be left alone.

->filenameWordSeparator(false)

View source (opens new window)

Arguments

Returns

self

# generateTransformsBeforePageLoad()

Since
4.2.0

Whether image transforms should be generated before page load.

->generateTransformsBeforePageLoad(true)

View source (opens new window)

Arguments

Returns

self

# getActivateAccountSuccessPath()

Returns the localized Activate Account Success Path value.

See also activateAccountSuccessPath() View source (opens new window)

Arguments

Returns

string (opens new window)

# getBackupOnUpdate()

Returns whether the DB should be backed up before running new migrations.

View source (opens new window)

Returns

boolean (opens new window)

# getInvalidUserTokenPath()

Returns the localized Invalid User Token Path value.

See also invalidUserTokenPath() View source (opens new window)

Arguments

Returns

string (opens new window)

# getLoginPath()

Returns the localized Login Path value.

See also loginPath() View source (opens new window)

Arguments

Returns

mixed

# getLogoutPath()

Returns the localized Logout Path value.

See also logoutPath() View source (opens new window)

Arguments

Returns

mixed

# getPageTrigger()

Since
3.2.0

Returns the normalized page trigger.

See also pageTrigger() View source (opens new window)

Returns

string (opens new window)

# getPostCpLoginRedirect()

Returns the localized Post-Login Redirect path for the control panel.

See also postCpLoginRedirect() View source (opens new window)

Returns

string (opens new window)

# getPostLoginRedirect()

Returns the localized Post-Login Redirect path.

See also postLoginRedirect() View source (opens new window)

Arguments

Returns

string (opens new window)

# getPostLogoutRedirect()

Returns the localized Post-Logout Redirect path.

See also postLogoutRedirect() View source (opens new window)

Arguments

Returns

string (opens new window)

# getRememberedUserSessionDuration()

Since
4.2.1

Returns the remembered user session duration as a DateInterval (opens new window) object, if it’s set.

View source (opens new window)

Returns

DateInterval (opens new window), null (opens new window)

# getSetPasswordPath()

Returns the localized Set Password Path value.

See also setPasswordPath() View source (opens new window)

Arguments

Returns

string (opens new window)

# getSetPasswordRequestPath()

Since
3.5.14

Returns the localized Set Password Request Path value.

See also setPasswordRequestPath() View source (opens new window)

Arguments

Returns

string (opens new window), null (opens new window)

# getSetPasswordSuccessPath()

Returns the localized Set Password Success Path value.

See also setPasswordSuccessPath() View source (opens new window)

Arguments

Returns

string (opens new window)

# getTestToEmailAddress()

Since
3.5.0

Returns the normalized test email addresses.

View source (opens new window)

Returns

array (opens new window)

# getVerifyEmailPath()

Since
3.4.0

Returns the localized Verify Email Path value.

See also verifyEmailPath() View source (opens new window)

Arguments

Returns

string (opens new window)

# getVerifyEmailSuccessPath()

Since
3.1.20

Returns the localized Verify Email Success Path value.

See also verifyEmailSuccessPath() View source (opens new window)

Arguments

Returns

string (opens new window)

# gqlTypePrefix()

Since
4.2.0

Prefix to use for all type names returned by GraphQL.

->gqlTypePrefix('craft_')

View source (opens new window)

Arguments

Returns

self

# handleCasing()

Since
4.2.0

The casing to use for autogenerated component handles.

This can be set to one of the following:

  • camel – for camelCase
  • pascal – for PascalCase (aka UpperCamelCase)
  • snake – for snake_case
->handleCasing('pascal')

View source (opens new window)

Arguments

Returns

self

# headlessMode()

Since
4.2.0

Whether the system should run in Headless Mode, which optimizes the system and control panel for headless CMS implementations.

When this is enabled, the following changes will take place:

TIP

With Headless Mode enabled, users may only set passwords and verify email addresses via the control panel. Be sure to grant “Access the control panel” permission to all content editors and administrators. You’ll also need to set the config4:baseCpUrl (opens new window) config setting if the control panel is located on a different domain than your front end.

->headlessMode(true)

View source (opens new window)

Arguments

Returns

self

# httpProxy()

Since
4.2.0

The proxy server that should be used for outgoing HTTP requests.

This can be set to a URL (http://localhost) or a URL plus a port (http://localhost:8125).

->httpProxy('http://localhost')

View source (opens new window)

Arguments

Returns

self

# imageDriver()

Since
4.2.0

The image driver Craft should use to cleanse and transform images. By default Craft will use ImageMagick if it’s installed and otherwise fall back to GD. You can explicitly set either 'imagick' or 'gd' here to override that behavior.

->imageDriver('imagick')

View source (opens new window)

Arguments

  • $value (mixed)

Returns

self

# imageEditorRatios()

Since
4.2.0

An array containing the selectable image aspect ratios for the image editor. The array must be in the format of label => ratio, where ratio must be a float or a string. For string values, only values of “none” and “original” are allowed.

->imageEditorRatios([
    'Unconstrained' => 'none',
    'Original' => 'original',
    'Square' => 1,
    'IMAX' => 1.9,
    'Widescreen' => 1.78,
])

View source (opens new window)

Arguments

Returns

self

# indexTemplateFilenames()

Since
4.2.0

The template filenames Craft will look for within a directory to represent the directory’s “index” template when matching a template path to a file on the front end.

->indexTemplateFilenames(['index', 'default'])

View source (opens new window)

Arguments

Returns

self

# init()

Initializes the object.

This method is invoked at the end of the constructor after the object is initialized with the given configuration.

View source (opens new window)

Throws

# invalidLoginWindowDuration()

Since
4.2.0

The amount of time to track invalid login attempts for a user, for determining if Craft should lock an account.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

// 1 day
->invalidLoginWindowDuration(86400)

View source (opens new window)

Arguments

  • $value (mixed)

Returns

self

# invalidUserTokenPath()

Since
4.2.0

The URI Craft should redirect to when user token validation fails. A token is used on things like setting and resetting user account passwords. Note that this only affects front-end site requests.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

// 1 day
->invalidUserTokenPath('nope')

View source (opens new window)

Arguments

  • $value (mixed)

Returns

self

# ipHeaders()

Since
4.2.0

List of headers where proxies store the real client IP.

See yii\web\Request::$ipHeaders (opens new window) for more details.

If not set, the default craft\web\Request::$ipHeaders value will be used.

->ipHeaders(['X-Forwarded-For', 'CF-Connecting-IP'])

View source (opens new window)

Arguments

Returns

self

# isSystemLive()

Since
4.2.0

Whether the site is currently live. If set to true or false, it will take precedence over the System Status setting in Settings → General.

->isSystemLive(true)

View source (opens new window)

Arguments

Returns

self

# limitAutoSlugsToAscii()

Since
4.2.0

Whether non-ASCII characters in auto-generated slugs should be converted to ASCII (i.e. ñ → n).

TIP

This only affects the JavaScript auto-generated slugs. Non-ASCII characters can still be used in slugs if entered manually.

->limitAutoSlugsToAscii(true)

View source (opens new window)

Arguments

Returns

self

# loginPath()

Since
4.2.0

The URI Craft should use for user login on the front end.

This can be set to false to disable front-end login.

Note that this config setting is ignored when config4:headlessMode (opens new window) is enabled.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

->loginPath(false)

View source (opens new window)

Arguments

  • $value (mixed)

Returns

self

# logoutPath()

Since
4.2.0

The URI Craft should use for user logout on the front end.

This can be set to false to disable front-end logout.

Note that this config setting is ignored when config4:headlessMode (opens new window) is enabled.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

->logoutPath(false)

View source (opens new window)

Arguments

  • $value (mixed)

Returns

self

# maxBackups()

Since
4.2.0

The number of backups Craft should make before it starts deleting the oldest backups. If set to false, Craft will not delete any backups.

->maxBackups(5)

View source (opens new window)

Arguments

Returns

self

# maxCachedCloudImageSize()

Since
4.2.0

The maximum dimension size to use when caching images from external sources to use in transforms. Set to 0 to never cache them.

->maxCachedCloudImageSize(0)

View source (opens new window)

Arguments

Returns

self

# maxGraphqlBatchSize()

Since
4.5.5

The maximum allowed GraphQL queries that can be executed in a single batched request. Set to 0 to allow any number of queries.

->maxGraphqlBatchSize(500)

View source (opens new window)

Arguments

Returns

self

# maxGraphqlComplexity()

Since
4.2.0

The maximum allowed complexity a GraphQL query is allowed to have. Set to 0 to allow any complexity.

->maxGraphqlComplexity(500)

View source (opens new window)

Arguments

Returns

self

# maxGraphqlDepth()

Since
4.2.0

The maximum allowed depth a GraphQL query is allowed to reach. Set to 0 to allow any depth.

->maxGraphqlDepth(5)

View source (opens new window)

Arguments

Returns

self

# maxGraphqlResults()

Since
4.2.0

The maximum allowed results for a single GraphQL query. Set to 0 to disable any limits.

->maxGraphqlResults(100)

View source (opens new window)

Arguments

Returns

self

# maxInvalidLogins()

Since
4.2.0

The number of invalid login attempts Craft will allow within the specified duration before the account gets locked.

->maxInvalidLogins(3)

View source (opens new window)

Arguments

Returns

self

# maxRevisions()

Since
4.2.0

The maximum number of revisions that should be stored for each element.

Set to 0 if you want to store an unlimited number of revisions.

->maxRevisions(25)

View source (opens new window)

Arguments

Returns

self

# maxSlugIncrement()

Since
4.2.0

The highest number Craft will tack onto a slug in order to make it unique before giving up and throwing an error.

->maxSlugIncrement(10)

View source (opens new window)

Arguments

Returns

self

# maxUploadFileSize()

Since
4.2.0

The maximum upload file size allowed.

See craft\helpers\ConfigHelper::sizeInBytes() for a list of supported value types.

// 25MB
->maxUploadFileSize(26214400)

View source (opens new window)

Arguments

Returns

self

# omitScriptNameInUrls()

Since
4.2.0

Whether generated URLs should omit index.php (e.g. http://my-project.tld/path instead of http://my-project.tld/index.php/path)

This can only be possible if your server is configured to redirect would-be 404s to index.php, for example, with the redirect found in the .htaccess file that came with Craft:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.+) /index.php?p=$1 [QSA,L]

->omitScriptNameInUrls(true)

View source (opens new window)

Arguments

Returns

self

# optimizeImageFilesize()

Since
4.2.0

Whether Craft should optimize images for reduced file sizes without noticeably reducing image quality. (Only supported when ImageMagick is used.)

->optimizeImageFilesize(false)

View source (opens new window)

Arguments

Returns

self

# pageTrigger()

Since
4.2.0

The string preceding a number which Craft will look for when determining if the current request is for a particular page in a paginated list of pages.

Example Value Example URI
p /news/p5
page /news/page5
page/ /news/page/5
?page /news?page=5

TIP

If you want to set this to ?p (e.g. /news?p=5), you’ll also need to change your config4:pathParam (opens new window) setting which defaults to p. If your server is running Apache, you’ll need to update the redirect code in your .htaccess file to match your new pathParam value.

->pageTrigger('page')

View source (opens new window)

Arguments

Returns

self

# pathParam()

Since
4.2.0

The query string param that Craft will check when determining the request’s path.

This can be set to null if your web server is capable of directing traffic to index.php without a query string param. If you’re using Apache, that means you’ll need to change the RewriteRule line in your .htaccess file to:

RewriteRule (.+) index.php [QSA,L]

->pathParam(null)

View source (opens new window)

Arguments

Returns

self

# permissionsPolicyHeader()

Since
4.2.0

The Permissions-Policy header that should be sent for web responses.

->permissionsPolicyHeader('Permissions-Policy: geolocation=(self)')

View source (opens new window)

Arguments

Returns

self

# phpMaxMemoryLimit()

Since
4.2.0

The maximum amount of memory Craft will try to reserve during memory-intensive operations such as zipping, unzipping and updating. Defaults to an empty string, which means it will use as much memory as it can.

See https://php.net/manual/en/faq.using.php#faq.using.shorthandbytes (opens new window) for a list of acceptable values.

->phpMaxMemoryLimit('512M')

View source (opens new window)

Arguments

Returns

self

# phpSessionName()

Since
4.2.0

The name of the PHP session cookie.

->phpSessionName(null)

See also https://php.net/manual/en/function.session-name.php View source (opens new window)

Arguments

Returns

self

# postCpLoginRedirect()

Since
4.2.0

The path users should be redirected to after logging into the control panel.

This setting will also come into effect if a user visits the control panel’s login page (/admin/login) or the control panel’s root URL (/admin) when they are already logged in.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

->postCpLoginRedirect('entries')

View source (opens new window)

Arguments

  • $value (mixed)

Returns

self

# postLoginRedirect()

Since
4.2.0

The path users should be redirected to after logging in from the front-end site.

This setting will also come into effect if the user visits the login page (as specified by the config4:loginPath (opens new window) config setting) when they are already logged in.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

->postLoginRedirect('welcome')

View source (opens new window)

Arguments

  • $value (mixed)

Returns

self

# postLogoutRedirect()

Since
4.2.0

The path that users should be redirected to after logging out from the front-end site.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

->postLogoutRedirect('goodbye')

View source (opens new window)

Arguments

  • $value (mixed)

Returns

self

# prefixGqlRootTypes()

Since
4.2.0

Whether the config4:gqlTypePrefix (opens new window) config setting should have an impact on query, mutation, and subscription types.

->prefixGqlRootTypes(false)

View source (opens new window)

Arguments

Returns

self

# preloadSingles()

Since
4.4.0

Whether Single section entries should be preloaded for Twig templates.

When enabled, Craft will make an educated guess on which Singles should be preloaded for each template based on the variable names that are referenced.

WARNING

You will need to clear your compiled templates from the Caches utility before this setting will take effect.

->preloadSingles()

View source (opens new window)

Arguments

Returns

self

# preserveCmykColorspace()

Since
4.2.0

Whether CMYK should be preserved as the colorspace when manipulating images.

Setting this to true will prevent Craft from transforming CMYK images to sRGB, but on some ImageMagick versions it can cause image color distortion. This will only have an effect if ImageMagick is in use.

->preserveCmykColorspace(true)

View source (opens new window)

Arguments

Returns

self

# preserveExifData()

Since
4.2.0

Whether the EXIF data should be preserved when manipulating and uploading images.

Setting this to true will result in larger image file sizes.

This will only have effect if ImageMagick is in use.

->preserveExifData(true)

View source (opens new window)

Arguments

Returns

self

# preserveImageColorProfiles()

Since
4.2.0

Whether the embedded Image Color Profile (ICC) should be preserved when manipulating images.

Setting this to false will reduce the image size a little bit, but on some ImageMagick versions can cause images to be saved with an incorrect gamma value, which causes the images to become very dark. This will only have effect if ImageMagick is in use.

->preserveImageColorProfiles(false)

View source (opens new window)

Arguments

Returns

self

# preventUserEnumeration()

Since
4.2.0

When true, Craft will always return a successful response in the “forgot password” flow, making it difficult to enumerate users.

When set to false and you go through the “forgot password” flow from the control panel login page, you’ll get distinct messages indicating whether the username/email exists and whether an email was sent with further instructions. This can be helpful for the user attempting to log in but allow for username/email enumeration based on the response.

->preventUserEnumeration(true)

View source (opens new window)

Arguments

Returns

self

# previewIframeResizerOptions()

Since
4.2.0

Custom iFrame Resizer options (opens new window) that should be used for preview iframes.

->previewIframeResizerOptions([
    'autoResize' => false,
])

View source (opens new window)

Arguments

Returns

self

# previewTokenDuration()

Since
4.2.0

The amount of time content preview tokens can be used before expiring.

Defaults to config4:defaultTokenDuration (opens new window) value.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

// 1 hour
->previewTokenDuration(3600),

View source (opens new window)

Arguments

  • $value (mixed)

Returns

self

# privateTemplateTrigger()

Since
4.2.0

The template path segment prefix that should be used to identify “private” templates, which are templates that are not directly accessible via a matching URL.

Set to an empty value to disable public template routing.

->privateTemplateTrigger('')

View source (opens new window)

Arguments

Returns

self

# purgePendingUsersDuration()

Since
4.2.0

The amount of time to wait before Craft purges pending users from the system that have not activated.

Any content assigned to a pending user will be deleted as well when the given time interval passes.

Set to 0 to disable this feature.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

TIP

Users will only be purged when garbage collection (opens new window) is run.

// 2 weeks
->purgePendingUsersDuration(1209600),

View source (opens new window)

Arguments

  • $value (mixed)

Returns

self

# purgeStaleUserSessionDuration()

Since
4.2.0

The amount of time to wait before Craft purges stale user sessions from the sessions table in the database.

Set to 0 to disable this feature.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

// 1 week
->purgeStaleUserSessionDuration(604800),

View source (opens new window)

Arguments

  • $value (mixed)

Returns

self

# purgeUnsavedDraftsDuration()

Since
4.2.0

The amount of time to wait before Craft purges unpublished drafts that were never updated with content.

Set to 0 to disable this feature.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

->purgeUnsavedDraftsDuration(0)

View source (opens new window)

Arguments

  • $value (mixed)

Returns

self

# rasterizeSvgThumbs()

Since
4.2.0

Whether SVG thumbnails should be rasterized.

This will only work if ImageMagick is installed, and config4:imageDriver (opens new window) is set to either auto or imagick.

->rasterizeSvgThumbs(true)

View source (opens new window)

Arguments

Returns

self

# rememberUsernameDuration()

Since
4.2.0

The amount of time Craft will remember a username and pre-populate it on the control panel’s Login page.

Set to 0 to disable this feature altogether.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

->rememberUsernameDuration(0)

View source (opens new window)

Arguments

  • $value (mixed)

Returns

self

# rememberedUserSessionDuration()

Since
4.2.0

The amount of time a user stays logged if “Remember Me” is checked on the login page.

Set to 0 to disable the “Remember Me” feature altogether.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

->rememberedUserSessionDuration(0)

See also getRememberedUserSessionDuration() View source (opens new window)

Arguments

  • $value (mixed)

Returns

self

Throws

# requireMatchingUserAgentForSession()

Since
4.2.0

Whether Craft should require a matching user agent string when restoring a user session from a cookie.

->requireMatchingUserAgentForSession(false)

View source (opens new window)

Arguments

Returns

self

# requireUserAgentAndIpForSession()

Since
4.2.0

Whether Craft should require the existence of a user agent string and IP address when creating a new user session.

->requireUserAgentAndIpForSession(false)

View source (opens new window)

Arguments

Returns

self

# resourceBasePath()

Since
4.2.0

The path to the root directory that should store published control panel resources.

->resourceBasePath('@webroot/craft-resources')

View source (opens new window)

Arguments

Returns

self

# resourceBaseUrl()

Since
4.2.0

The URL to the root directory that should store published control panel resources.

->resourceBaseUrl('@web/craft-resources')

View source (opens new window)

Arguments

Returns

self

# restoreCommand()

Since
4.2.0

The shell command Craft should execute to restore a database backup.

By default Craft will run mysql or psql, provided those libraries are in the $PATH variable for the user the web server is running as.

There are several tokens you can use that Craft will swap out at runtime:

  • {path} - the backup file path
  • {port} - the current database port
  • {server} - the current database hostname
  • {user} - the user to connect to the database
  • {database} - the current database name
  • {schema} - the current database schema (if any)

This can also be set to false to disable database restores completely.

->restoreCommand(false)

View source (opens new window)

Arguments

Returns

self

# revAssetUrls()

Since
4.2.0

Whether asset URLs should be revved so browsers don’t load cached versions when they’re modified.

->revAssetUrls(true)

View source (opens new window)

Arguments

Returns

self

# rotateImagesOnUploadByExifData()

Since
4.2.0

Whether Craft should rotate images according to their EXIF data on upload.

->rotateImagesOnUploadByExifData(false)

View source (opens new window)

Arguments

Returns

self

# runQueueAutomatically()

Since
4.2.0

Whether Craft should run pending queue jobs automatically when someone visits the control panel.

If disabled, an alternate queue worker must be set up separately, either as an always-running daemon (opens new window), or a cron job that runs the queue/run command every minute:

* * * * * /path/to/project/craft queue/run

TIP

This setting should be disabled for servers running Win32, or with Apache’s mod_deflate/mod_gzip installed, where PHP’s flush() (opens new window) method won’t work.

->runQueueAutomatically(false)

View source (opens new window)

Arguments

Returns

self

# sameSiteCookieValue()

Since
4.2.0

The SameSite (opens new window) value that should be set on Craft cookies, if any.

This can be set to 'None', 'Lax', 'Strict', or null.

->sameSiteCookieValue('Strict')

View source (opens new window)

Arguments

  • $value (?string)

Returns

self

# sanitizeCpImageUploads()

Since
4.2.0

Whether images uploaded via the control panel should be sanitized.

->sanitizeCpImageUploads(false)

View source (opens new window)

Arguments

Returns

self

# sanitizeSvgUploads()

Since
4.2.0

Whether Craft should sanitize uploaded SVG files and strip out potential malicious-looking content.

This should definitely be enabled if you are accepting SVG uploads from untrusted sources.

->sanitizeSvgUploads(false)

View source (opens new window)

Arguments

Returns

self

# secureHeaders()

Since
4.2.0

Lists of headers that are, by default, subject to the trusted host configuration.

See yii\web\Request::$secureHeaders (opens new window) for more details.

If not set, the default yii\web\Request::$secureHeaders (opens new window) value will be used.

->secureHeaders([
    'X-Forwarded-For',
    'X-Forwarded-Host',
    'X-Forwarded-Proto',
    'X-Rewrite-Url',
    'X-Original-Host',
    'CF-Connecting-IP',
])

View source (opens new window)

Arguments

Returns

self

# secureProtocolHeaders()

Since
4.2.0

List of headers to check for determining whether the connection is made via HTTPS.

See yii\web\Request::$secureProtocolHeaders (opens new window) for more details.

If not set, the default yii\web\Request::$secureProtocolHeaders