Skip to content

GeneralConfig

Type
Class
Namespace
craft\config
Inherits
craft\config\GeneralConfig » craft\config\BaseConfig » craft\base\Model » yii\base\Model » yii\base\Component » yii\base\BaseObject
Implements
ArrayAccess, IteratorAggregate, craft\base\ModelInterface, yii\base\Arrayable, yii\base\Configurable, yii\base\StaticInstanceInterface
Uses traits
craft\base\ClonefixTrait, yii\base\ArrayableTrait, yii\base\StaticInstanceTrait
Since
3.0.0

General config class

View source

Public Properties

PropertyDescription
accessibilityDefaultsarray – The default user accessibility preferences that should be applied to users that haven’t saved their preferences yet.
actionTriggerstring – The URI segment Craft should look for when determining if the current request should be routed to a controller action.
activateAccountSuccessPathmixed – The URI that users without access to the control panel should be redirected to after activating their account.
activeValidatorsyii\validators\Validator – The validators applicable to the current scenario.
addTrailingSlashesToUrlsboolean – Whether auto-generated URLs should have trailing slashes.
aliasesarray – Any custom Yii [aliases](https://www.
allowAdminChangesboolean – Whether admins should be allowed to make administrative changes to the system.
allowSimilarTagsboolean – Whether users should be allowed to create similarly-named tags.
allowUpdatesboolean – Whether Craft should allow system and plugin updates in the control panel, and plugin installation from the Plugin Store.
allowUppercaseInSlugboolean – Whether uppercase letters should be allowed in slugs.
allowedFileExtensionsstring[] – The file extensions Craft should allow when a user is uploading files.
allowedGraphqlOriginsstring[], null, false – The Ajax origins that should be allowed to access the GraphQL API, if enabled.
attributesarray – Attribute values (name => value).
autoLoginAfterAccountActivationboolean – Whether users should automatically be logged in after activating their account or resetting their password.
autosaveDraftsboolean – Whether drafts should be saved automatically as they are edited.
backupCommandstring, null, false – The shell command that Craft should execute to create a database backup.
backupOnUpdateboolean – Whether Craft should create a database backup before applying a new system update.
baseCpUrlstring, null – The base URL Craft should use when generating control panel URLs.
behaviorsyii\base\Behavior – List of behaviors attached to this component.
blowfishHashCostinteger – The higher the cost value, the longer it takes to generate a password hash and to verify against it.
brokenImagePathstring, null – The server path to an image file that should be sent when responding to an image request with a 404 status code.
buildIdstring, null – A unique ID representing the current build of the codebase.
cacheDurationmixed – The default length of time Craft will store data, RSS feed, and template caches.
convertFilenamesToAsciiboolean – Whether uploaded filenames with non-ASCII characters should be converted to ASCII (i.e. ñn).
cooldownDurationmixed – The amount of time a user must wait before re-attempting to log in after their account is locked due to too many failed login attempts.
cpHeadTagsarray – List of additional HTML tags that should be included in the <head> of control panel pages.
cpTriggerstring, null – The URI segment Craft should look for when determining if the current request should route to the control panel rather than the front-end website.
csrfTokenNamestring – The name of CSRF token used for CSRF validation if config4:enableCsrfProtection is set to true.
defaultCookieDomainstring – The domain that cookies generated by Craft should be created for.
defaultCountryCodestring – The two-letter country code that addresses will be set to by default.
defaultCpLanguagestring, null – The default language the control panel should use for users who haven’t set a preferred language yet.
defaultCpLocalestring, null – The default locale the control panel should use for date/number formatting, for users who haven’t set a preferred language or formatting locale.
defaultDirModemixed – The default permission to be set for newly-generated directories.
defaultFileModeinteger, null – The default permission to be set for newly-generated files.
defaultImageQualityinteger – The quality level Craft will use when saving JPG and PNG files.
defaultSearchTermOptionsarray – The default options that should be applied to each search term.
defaultTemplateExtensionsstring[] – The template file extensions Craft will look for when matching a template path to a file on the front end.
defaultTokenDurationmixed – The default amount of time tokens can be used before expiring.
defaultWeekStartDayinteger – The default day new users should have set as their Week Start Day.
deferPublicRegistrationPasswordboolean – By default, Craft requires a front-end “password” field for public user registrations.
devModeboolean – Whether the system should run in [Dev Mode](https://craftcms.
disableGraphqlTransformDirectiveboolean – Whether the transform directive should be disabled for the GraphQL API.
disabledPluginsstring[], string, null – Array of plugin handles that should be disabled, regardless of what the project config says.
disabledUtilitiesstring[] – Array of utility IDs that should be disabled.
disallowRobotsboolean – Whether front end requests should respond with X-Robots-Tag: none HTTP headers, indicating that pages should not be indexed, and links on the page should not be followed, by web crawlers.
elevatedSessionDurationmixed – The amount of time a user’s elevated session will last, which is required for some sensitive actions (e.g. user group/permission assignment).
enableBasicHttpAuthboolean – Whether front-end web requests should support basic HTTP authentication.
enableCsrfCookieboolean – Whether to use a cookie to persist the CSRF token if config4:enableCsrfProtection is enabled.
enableCsrfProtectionboolean – Whether to enable CSRF protection via hidden form inputs for all forms submitted via Craft.
enableGqlboolean – Whether the GraphQL API should be enabled.
enableGraphqlCachingboolean – Whether Craft should cache GraphQL queries.
enableGraphqlIntrospectionboolean – Whether GraphQL introspection queries are allowed.
enableTemplateCachingboolean – Whether to enable Craft’s template {% cache %} tag on a global basis.
errorTemplatePrefixstring – The prefix that should be prepended to HTTP error status codes when determining the path to look for an error’s template.
errorsarray – Errors for all attributes or the specified attribute.
extraAllowedFileExtensionsstring[], null – List of file extensions that will be merged into the config4:allowedFileExtensions config setting.
extraAppLocalesstring[], null – List of extra locale IDs that the application should support, and users should be able to select as their Preferred Language.
extraFileKindsarray – List of additional file kinds Craft should support.
extraLastNamePrefixesstring[] – Any additional last name prefixes that should be supported by the name parser.
extraNameSalutationsstring[] – Any additional name salutations that should be supported by the name parser.
extraNameSuffixesstring[] – Any additional name suffixes that should be supported by the name parser.
filenameWordSeparatorstring, false – The string to use to separate words when uploading assets.
firstErrorsarray – The first errors.
generateTransformsBeforePageLoadboolean – Whether image transforms should be generated before page load.
gqlTypePrefixstring – Prefix to use for all type names returned by GraphQL.
handleCasingstring – The casing to use for autogenerated component handles.
headlessModeboolean – Whether the system should run in Headless Mode, which optimizes the system and control panel for headless CMS implementations.
httpProxystring, null – The proxy server that should be used for outgoing HTTP requests.
imageDrivermixed – The image driver Craft should use to cleanse and transform images.
imageEditorRatiosarray – An array containing the selectable image aspect ratios for the image editor.
indexTemplateFilenamesstring[] – The template filenames Craft will look for within a directory to represent the directory’s “index” template when matching a template path to a file on the front end.
invalidLoginWindowDurationmixed – The amount of time to track invalid login attempts for a user, for determining if Craft should lock an account.
invalidUserTokenPathmixed – The URI Craft should redirect to when user token validation fails.
ipHeadersstring[], null – List of headers where proxies store the real client IP.
isSystemLiveboolean, null – Whether the site is currently live.
iteratorArrayIterator – An iterator for traversing the items in the list.
limitAutoSlugsToAsciiboolean – Whether non-ASCII characters in auto-generated slugs should be converted to ASCII (i.e. ñ → n).
loginPathmixed – The URI Craft should use for user login on the front end.
logoutPathmixed – The URI Craft should use for user logout on the front end.
maxBackupsinteger, false – The number of backups Craft should make before it starts deleting the oldest backups.
maxCachedCloudImageSizeinteger – The maximum dimension size to use when caching images from external sources to use in transforms.
maxGraphqlBatchSizeinteger – The maximum allowed GraphQL queries that can be executed in a single batched request.
maxGraphqlComplexityinteger – The maximum allowed complexity a GraphQL query is allowed to have.
maxGraphqlDepthinteger – The maximum allowed depth a GraphQL query is allowed to reach.
maxGraphqlResultsinteger – The maximum allowed results for a single GraphQL query.
maxInvalidLoginsinteger, false – The number of invalid login attempts Craft will allow within the specified duration before the account gets locked.
maxRevisionsinteger, null – The maximum number of revisions that should be stored for each element.
maxSlugIncrementinteger – The highest number Craft will tack onto a slug in order to make it unique before giving up and throwing an error.
maxUploadFileSizeinteger, string – The maximum upload file size allowed.
omitScriptNameInUrlsboolean – Whether generated URLs should omit index.php (e.g. http://my-project.tld/path instead of http://my-project.tld/index.php/path) This can only be possible if your server is configured to redirect would-be 404s to index.php, for example, with the redirect found in the .htaccess file that came with Craft: RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule (.+) /index.php?p=$1 [QSA,L] ::: code php Static Config ->omitScriptNameInUrls(true) shell Environment Override CRAFT_OMIT_SCRIPT_NAME_IN_URLS=1 ::: ::: tip Even when this is set to true, the script name could still be included in some action URLs.
optimizeImageFilesizeboolean – Whether Craft should optimize images for reduced file sizes without noticeably reducing image quality.
pageTriggerstring – The string preceding a number which Craft will look for when determining if the current request is for a particular page in a paginated list of pages.
passwordPathmixed
passwordRequestPathmixed
passwordSuccessPathmixed
pathParamstring, null – The query string param that Craft will check when determining the request’s path.
permissionsPolicyHeaderstring, null – The Permissions-Policy header that should be sent for web responses.
phpMaxMemoryLimitstring, null – The maximum amount of memory Craft will try to reserve during memory-intensive operations such as zipping, unzipping and updating.
phpSessionNamestring – The name of the PHP session cookie.
postCpLoginRedirectmixed – The path users should be redirected to after logging into the control panel.
postLoginRedirectmixed – The path users should be redirected to after logging in from the front-end site.
postLogoutRedirectmixed – The path that users should be redirected to after logging out from the front-end site.
prefixGqlRootTypesboolean – Whether the config4:gqlTypePrefix config setting should have an impact on query, mutation, and subscription types.
preloadSinglesboolean – Whether Single section entries should be preloaded for Twig templates.
preserveCmykColorspaceboolean – Whether CMYK should be preserved as the colorspace when manipulating images.
preserveExifDataboolean – Whether the EXIF data should be preserved when manipulating and uploading images.
preserveImageColorProfilesboolean – Whether the embedded Image Color Profile (ICC) should be preserved when manipulating images.
preventUserEnumerationboolean – When true, Craft will always return a successful response in the “forgot password” flow, making it difficult to enumerate users.
previewIframeResizerOptionsarray – Custom [iFrame Resizer options](http://davidjbradshaw.
previewTokenDurationmixed – The amount of time content preview tokens can be used before expiring.
privateTemplateTriggerstring – The template path segment prefix that should be used to identify “private” templates, which are templates that are not directly accessible via a matching URL.
purgePendingUsersDurationmixed – The amount of time to wait before Craft purges pending users from the system that have not activated.
purgeStaleUserSessionDurationmixed – The amount of time to wait before Craft purges stale user sessions from the sessions table in the database.
purgeUnsavedDraftsDurationmixed – The amount of time to wait before Craft purges unpublished drafts that were never updated with content.
rasterizeSvgThumbsboolean – Whether SVG thumbnails should be rasterized.
rememberUsernameDurationmixed – The amount of time Craft will remember a username and pre-populate it on the control panel’s Login page.
rememberedUserSessionDurationmixed – The amount of time a user stays logged if “Remember Me” is checked on the login page.
requireMatchingUserAgentForSessionboolean – Whether Craft should require a matching user agent string when restoring a user session from a cookie.
requireUserAgentAndIpForSessionboolean – Whether Craft should require the existence of a user agent string and IP address when creating a new user session.
resourceBasePathstring – The path to the root directory that should store published control panel resources.
resourceBaseUrlstring – The URL to the root directory that should store published control panel resources.
restoreCommandstring, null, false – The shell command Craft should execute to restore a database backup.
revAssetUrlsboolean – Whether asset URLs should be revved so browsers don’t load cached versions when they’re modified.
rotateImagesOnUploadByExifDataboolean – Whether Craft should rotate images according to their EXIF data on upload.
runQueueAutomaticallyboolean – Whether Craft should run pending queue jobs automatically when someone visits the control panel.
sameSiteCookieValuestring, null – The [SameSite](https://developer.
sanitizeCpImageUploadsboolean – Whether images uploaded via the control panel should be sanitized.
sanitizeSvgUploadsboolean – Whether Craft should sanitize uploaded SVG files and strip out potential malicious-looking content.
scenariostring – The scenario that this model is in.
secureHeadersarray, null – Lists of headers that are, by default, subject to the trusted host configuration.
secureProtocolHeadersarray, null – List of headers to check for determining whether the connection is made via HTTPS.
securityKeystring – A private, random, cryptographically-secure key that is used for hashing and encrypting data in craft\services\Security.
sendContentLengthHeaderboolean – Whether a Content-Length header should be sent with responses.
sendPoweredByHeaderboolean – Whether an X-Powered-By: Craft CMS header should be sent, helping services like [BuiltWith](https://builtwith.
setGraphqlDatesToSystemTimeZoneboolean – Whether dates returned by the GraphQL API should be set to the system time zone by default, rather than UTC.
setPasswordPathmixed – The URI or URL that Craft should use for Set Password forms on the front end.
setPasswordRequestPathmixed – The URI to the page where users can request to change their password.
setPasswordSuccessPathmixed – The URI Craft should redirect users to after setting their password from the front end.
showFirstAndLastNameFieldsboolean – Whether “First Name” and “Last Name” fields should be shown in place of “Full Name” fields.
siteTokenstring – The query string parameter name that site tokens should be set to.
slugWordSeparatorstring – The character(s) that should be used to separate words in slugs.
softDeleteDurationmixed – The amount of time before a soft-deleted item will be up for hard-deletion by garbage collection.
storeUserIpsboolean – Whether user IP addresses should be stored/logged by the system.
testToEmailAddressstring, array, null, false – Configures Craft to send all system emails to either a single email address or an array of email addresses for testing purposes.
timezonestring, null – The timezone of the site.
tokenParamstring – The query string parameter name that Craft tokens should be set to.
transformGifsboolean – Whether GIF files should be cleansed/transformed.
transformSvgsboolean – Whether SVG files should be transformed.
translationDebugOutputboolean – Whether translated messages should be wrapped in special characters to help find any strings that are not being run through Craft::t() or the `
trustedHostsarray – The configuration for trusted security-related headers.
upscaleImagesboolean – Whether image transforms should allow upscaling by default, for images that are smaller than the transform dimensions.
useEmailAsUsernameboolean – Whether Craft should set users’ usernames to their email addresses, rather than let them set their username separately.
useFileLocksboolean, null – Whether to grab an exclusive lock on a file when writing to it by using the LOCK_EX flag.
useIframeResizerboolean – Whether [iFrame Resizer options](http://davidjbradshaw.
usePathInfoboolean – Whether Craft should specify the path using PATH_INFO or as a query string parameter when generating URLs.
useSecureCookiesboolean, string – Whether Craft will set the “secure” flag when saving cookies when using Craft::cookieConfig() to create a cookie.
useSslOnTokenizedUrlsboolean, string – Determines what protocol/schema Craft will use when generating tokenized URLs.
userSessionDurationmixed – The amount of time before a user will get logged out due to inactivity.
validatorsArrayObject, yii\validators\Validator – All the validators declared in the model.
verificationCodeDurationmixed – The amount of time a user verification code can be used before expiring.
verifyEmailPathmixed – The URI or URL that Craft should use for email verification links on the front end.
verifyEmailSuccessPathmixed – The URI that users without access to the control panel should be redirected to after verifying a new email address.

accessibilityDefaults

Type
array
Default value
[ 'alwaysShowFocusRings' => false, 'useShapes' => false, 'underlineLinks' => false, 'notificationDuration' => 5000, ]
Since
3.6.4

The default user accessibility preferences that should be applied to users that haven’t saved their preferences yet.

The array can contain the following keys:

  • alwaysShowFocusRings - Whether focus rings should always be shown when an element has focus.
  • useShapes – Whether shapes should be used to represent statuses.
  • underlineLinks – Whether links should be underlined.
  • notificationDuration – How long notifications should be shown before they disappear automatically (in milliseconds). Set to 0 to show them indefinitely.
php
->accessibilityDefaults([
    'useShapes' => true,
])

View source

actionTrigger

Type
string
Default value
'actions'

The URI segment Craft should look for when determining if the current request should be routed to a controller action.

::: code

php
->actionTrigger('do-it')
shell
CRAFT_ACTION_TRIGGER=do-it

:::

View source

activateAccountSuccessPath

Type
mixed
Default value
''

The URI that users without access to the control panel should be redirected to after activating their account.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

::: code

php
->activateAccountSuccessPath('welcome')
shell
CRAFT_ACTIVATE_ACCOUNT_SUCCESS_PATH=welcome

:::

See also getActivateAccountSuccessPath()

View source

addTrailingSlashesToUrls

Type
boolean
Default value
false

Whether auto-generated URLs should have trailing slashes.

::: code

php
->addTrailingSlashesToUrls(true)
shell
CRAFT_ADD_TRAILING_SLASHES_TO_URLS=1

:::

View source

aliases

Type
array
Default value
[]

Any custom Yii aliases that should be defined for every request.

php
->aliases([
    '@webroot' => '/var/www/',
])

View source

allowAdminChanges

Type
boolean
Default value
true
Since
3.1.0

Whether admins should be allowed to make administrative changes to the system.

When this is disabled, the Settings section will be hidden, the Craft edition and Craft/plugin versions will be locked, and the project config and Plugin Store will become read-only—though Craft and plugin licenses may still be purchased.

It’s best to disable this in production environments with a deployment workflow that runs composer install and propagates project config updates on deploy.

WARNING

Don’t disable this setting until all environments have been updated to Craft 3.1.0 or later.

::: code

php
->allowAdminChanges(false)
shell
CRAFT_ALLOW_ADMIN_CHANGES=false

:::

View source

allowSimilarTags

Type
boolean
Default value
false

Whether users should be allowed to create similarly-named tags.

::: code

php
->allowSimilarTags(true)
shell
CRAFT_ALLOW_SIMILAR_TAGS=1

:::

View source

allowUpdates

Type
boolean
Default value
true

Whether Craft should allow system and plugin updates in the control panel, and plugin installation from the Plugin Store.

This setting will automatically be disabled if config4:allowAdminChanges is disabled.

::: code

php
->allowUpdates(false)
shell
CRAFT_ALLOW_UPDATES=false

:::

View source

allowUppercaseInSlug

Type
boolean
Default value
false

Whether uppercase letters should be allowed in slugs.

::: code

php
->allowUppercaseInSlug(true)
shell
CRAFT_ALLOW_UPPERCASE_IN_SLUG=1

:::

View source

allowedFileExtensions

Type
string[]
Default value
[ '7z', 'aiff', 'asc', 'asf', 'avi', 'avif', 'bmp', 'cap', 'cin', 'csv', 'dfxp', 'doc', 'docx', 'dotm', 'dotx', 'fla', 'flv', 'gif', 'gz', 'gzip', 'heic', 'heif', 'hevc', 'itt', 'jp2', 'jpeg', 'jpg', 'jpx', 'js', 'json', 'lrc', 'm2t', 'm4a', 'm4v', 'mcc', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'mpsub', 'ods', 'odt', 'ogg', 'ogv', 'pdf', 'png', 'potx', 'pps', 'ppsm', 'ppsx', 'ppt', 'pptm', 'pptx', 'ppz', 'pxd', 'qt', 'ram', 'rar', 'rm', 'rmi', 'rmvb', 'rt', 'rtf', 'sami', 'sbv', 'scc', 'sdc', 'sitd', 'smi', 'srt', 'stl', 'sub', 'svg', 'swf', 'sxc', 'sxw', 'tar', 'tds', 'tgz', 'tif', 'tiff', 'ttml', 'txt', 'vob', 'vsd', 'vtt', 'wav', 'webm', 'webp', 'wma', 'wmv', 'xls', 'xlsx', 'zip', ]

The file extensions Craft should allow when a user is uploading files.

php
// Nothing bug GIFs!
->allowedFileExtensions([
    'gif',
])

See also extraAllowedFileExtensions()

View source

allowedGraphqlOrigins

Type
string[], null, false
Default value
null
Since
3.5.0

The Ajax origins that should be allowed to access the GraphQL API, if enabled.

If this is set to an array, then graphql/api requests will only include the current request’s origin in the Access-Control-Allow-Origin response header if it’s listed here.

If this is set to false, then the Access-Control-Allow-Origin response header will never be sent.

::: code

php
->allowedGraphqlOrigins(false)
shell
CRAFT_ALLOW_GRAPHQL_ORIGINS=false

:::

View source

autoLoginAfterAccountActivation

Type
boolean
Default value
false

Whether users should automatically be logged in after activating their account or resetting their password.

::: code

php
->autoLoginAfterAccountActivation(true)
shell
CRAFT_ALLOW_AUTO_LOGIN_AFTER_ACCOUNT_ACTIVATION=true

:::

View source

autosaveDrafts

DEPRECATED

Deprecated in 4.0.0

Type
boolean
Default value
true
Since
3.5.6

Whether drafts should be saved automatically as they are edited.

Note that drafts will be autosaved while Live Preview is open, regardless of this setting.

::: code

shell
CRAFT_AUTOSAVE_DRAFTS=false

:::

View source

backupCommand

Type
string, null, false
Default value
null

The shell command that Craft should execute to create a database backup.

When set to null (default), Craft will run mysqldump or pg_dump, provided that those libraries are in the $PATH variable for the system user running the web server.

You may provide your own command, which can include several tokens Craft will substitute at runtime:

  • {file} - the target backup file path
  • {port} - the current database port
  • {server} - the current database hostname
  • {user} - user that was used to connect to the database
  • {password} - password for the specified {user}
  • {database} - the current database name
  • {schema} - the current database schema (if any)

This can also be set to false to disable database backups completely.

::: code

php
->backupCommand(false)
shell
CRAFT_BACKUP_COMMAND=false

:::

View source

backupOnUpdate

Type
boolean
Default value
true

Whether Craft should create a database backup before applying a new system update.

::: code

php
->backupOnUpdate(false)
shell
CRAFT_BACKUP_ON_UPDATE=false

:::

See also backupCommand()

View source

baseCpUrl

Type
string, null
Default value
null

The base URL Craft should use when generating control panel URLs.

It will be determined automatically if left blank.

TIP

The base control panel URL should not include the control panel trigger word (e.g. /admin).

::: code

php
->baseCpUrl('https://cms.my-project.tld/')
shell
CRAFT_BASE_CP_URL=https://cms.my-project.tld/

:::

View source

blowfishHashCost

Type
integer
Default value
13

The higher the cost value, the longer it takes to generate a password hash and to verify against it.

Therefore, higher cost slows down a brute-force attack.

For best protection against brute force attacks, set it to the highest value that is tolerable on production servers.

The time taken to compute the hash doubles for every increment by one for this value.

For example, if the hash takes 1 second to compute when the value is 14 then the compute time varies as 2^(value - 14) seconds.

::: code

php
->blowfishHashCost(15)
shell
CRAFT_BLOWFISH_HASH_COST=15

:::

View source

brokenImagePath

Type
string, null
Default value
null
Since
3.5.0

The server path to an image file that should be sent when responding to an image request with a 404 status code.

This can be set to an aliased path such as @webroot/assets/404.svg.

::: code

php
->brokenImagePath('@webroot/assets/404.svg')
shell
CRAFT_BROKEN_IMAGE_PATH=@webroot/assets/404.svg

:::

View source

buildId

Type
string, null
Default value
null
Since
4.0.0

A unique ID representing the current build of the codebase.

This should be set to something unique to the deployment, e.g. a Git SHA or a deployment timestamp.

::: code

php
->buildId(\craft\helpers\App::env('GIT_SHA'))
shell
CRAFT_BUILD_ID=$GIT_SHA

:::

View source

cacheDuration

Type
mixed
Default value
86400 (1 day)

The default length of time Craft will store data, RSS feed, and template caches.

If set to 0, data and RSS feed caches will be stored indefinitely; template caches will be stored for one year.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

::: code

php
->cacheDuration(0)
shell
CRAFT_CACHE_DURATION=0

:::

View source

convertFilenamesToAscii

Type
boolean
Default value
false

Whether uploaded filenames with non-ASCII characters should be converted to ASCII (i.e. ñn).

TIP

You can run php craft utils/ascii-filenames in your terminal to apply ASCII filenames to all existing assets.

::: code

php
->convertFilenamesToAscii(false)
shell
CRAFT_CONVERT_FILENAMES_TO_ASCII=false

:::

View source

cooldownDuration

Type
mixed
Default value
300 (5 minutes)

The amount of time a user must wait before re-attempting to log in after their account is locked due to too many failed login attempts.

Set to 0 to keep the account locked indefinitely, requiring an admin to manually unlock the account.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

::: code

php
->cooldownDuration(0)
shell
CRAFT_COOLDOWN_DURATION=0

:::

View source

cpHeadTags

Type
array
Default value
[]
Since
3.5.0

List of additional HTML tags that should be included in the <head> of control panel pages.

Each tag can be specified as an array of the tag name and its attributes.

For example, you can give the control panel a custom favicon (etc.) like this:

php
->cpHeadTags([
    // Traditional favicon
    ['link', ['rel' => 'icon', 'href' => '/icons/favicon.ico']],
    // Scalable favicon for browsers that support them
    ['link', ['rel' => 'icon', 'type' => 'image/svg+xml', 'sizes' => 'any', 'href' => '/icons/favicon.svg']],
    // Touch icon for mobile devices
    ['link', ['rel' => 'apple-touch-icon', 'sizes' => '180x180', 'href' => '/icons/touch-icon.svg']],
    // Pinned tab icon for Safari
    ['link', ['rel' => 'mask-icon', 'href' => '/icons/mask-icon.svg', 'color' => '#663399']],
])

View source

cpTrigger

Type
string, null
Default value
'admin'

The URI segment Craft should look for when determining if the current request should route to the control panel rather than the front-end website.

This can be set to null if you have a dedicated hostname for the control panel (e.g. cms.my-project.tld), or you are running Craft in Headless Mode. If you do that, you will need to ensure that the control panel is being served from its own web root directory on your server, with an index.php file that defines the CRAFT_CP PHP constant.

php
define('CRAFT_CP', true);

Alternatively, you can set the config4:baseCpUrl config setting, but then you will run the risk of losing access to portions of your control panel due to URI conflicts with actual folders/files in your main web root.

(For example, if you have an assets/ folder, that would conflict with the /assets page in the control panel.)

::: code

php
->cpTrigger(null)
shell
CRAFT_CP_TRIGGER=

:::

View source

csrfTokenName

Type
string
Default value
'CRAFT_CSRF_TOKEN'

The name of CSRF token used for CSRF validation if config4:enableCsrfProtection is set to true.

::: code

php
->csrfTokenName('MY_CSRF')
shell
CRAFT_CSRF_TOKEN_NAME=MY_CSRF

:::

See also enableCsrfProtection()

View source

defaultCookieDomain

Type
string
Default value
''

The domain that cookies generated by Craft should be created for. If blank, it will be left up to the browser to determine which domain to use (almost always the current). If you want the cookies to work for all subdomains, for example, you could set this to '.my-project.tld'.

::: code

php
->defaultCookieDomain('.my-project.tld')
shell
CRAFT_DEFAULT_COOKIE_DOMAIN=.my-project.tld

:::

View source

defaultCountryCode

Type
string
Default value
'US'
Since
4.5.0

The two-letter country code that addresses will be set to by default.

See https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 for a list of acceptable country codes.

::: code

php
->defaultCountryCode('GB')
shell
CRAFT_DEFAULT_COUNTRY_CODE=GB

:::

View source

defaultCpLanguage

Type
string, null
Default value
null

The default language the control panel should use for users who haven’t set a preferred language yet.

::: code

php
->defaultCpLanguage('en-US')
shell
CRAFT_DEFAULT_CP_LANGUAGE=en-US

:::

View source

defaultCpLocale

Type
string, null
Default value
null
Since
3.5.0

The default locale the control panel should use for date/number formatting, for users who haven’t set a preferred language or formatting locale.

If this is null, the config4:defaultCpLanguage config setting will determine which locale is used for date/number formatting by default.

::: code

php
->defaultCpLocale('en-US')
shell
CRAFT_DEFAULT_CP_LOCALE=en-US

:::

View source

defaultDirMode

Type
mixed
Default value
0775

The default permission to be set for newly-generated directories.

If set to null, the permission will be determined by the current environment.

::: code

php
->defaultDirMode(0744)
shell
CRAFT_DEFAULT_DIR_MODE=0744

:::

View source

defaultFileMode

Type
integer, null
Default value
null

The default permission to be set for newly-generated files.

If set to null, the permission will be determined by the current environment.

::: code

php
->defaultFileMode(0744)
shell
CRAFT_DEFAULT_FILE_MODE=0744

:::

View source

defaultImageQuality

Type
integer
Default value
82

The quality level Craft will use when saving JPG and PNG files. Ranges from 1 (worst quality, smallest file) to 100 (best quality, biggest file).

::: code

php
->defaultImageQuality(90)
shell
CRAFT_DEFAULT_IMAGE_QUALITY=90

:::

View source

defaultSearchTermOptions

Type
array
Default value
[]

The default options that should be applied to each search term.

Options include:

  • subLeft – Whether to include keywords that contain the term, with additional characters before it. (false by default)
  • subRight – Whether to include keywords that contain the term, with additional characters after it. (true by default)
  • exclude – Whether search results should exclude records with this term. (false by default)
  • exact – Whether the term must be an exact match (only applies if the search term specifies an attribute). (false by default)
php
->defaultSearchTermOptions([
    'subLeft' => true,
    'exclude' => 'secret',
])

View source

defaultTemplateExtensions

Type
string[]
Default value
[ 'html', 'twig', ]

The template file extensions Craft will look for when matching a template path to a file on the front end.

::: code

php
->defaultTemplateExtensions(['html', 'twig', 'txt'])
shell
CRAFT_DEFAULT_TEMPLATE_EXTENSIONS=html,twig,txt

:::

View source

defaultTokenDuration

Type
mixed
Default value
86400 (1 day)

The default amount of time tokens can be used before expiring.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

::: code

php
// One week
->defaultTokenDuration(604800)
shell
# One week
CRAFT_DEFAULT_TOKEN_DURATION=604800

:::

View source

defaultWeekStartDay

Type
integer
Default value
1 (Monday)

The default day new users should have set as their Week Start Day.

This should be set to one of the following integers:

  • 0 – Sunday
  • 1 – Monday
  • 2 – Tuesday
  • 3 – Wednesday
  • 4 – Thursday
  • 5 – Friday
  • 6 – Saturday

::: code

php
->defaultWeekStartDay(0)
shell
CRAFT_DEFAULT_WEEK_START_DAY=0

:::

View source

deferPublicRegistrationPassword

Type
boolean
Default value
false

By default, Craft requires a front-end “password” field for public user registrations. Setting this to true removes that requirement for the initial registration form.

If you have email verification enabled, new users will set their password once they’ve followed the verification link in the email. If you don’t, the only way they can set their password is to go through your “forgot password” workflow.

::: code

php
->deferPublicRegistrationPassword(true)
shell
CRAFT_DEFER_PUBLIC_REGISTRATION_PASSWORD=true

:::

View source

devMode

Type
boolean
Default value
false

Whether the system should run in Dev Mode.

::: code

php
->devMode(true)
shell
CRAFT_DEV_MODE=true

:::

View source

disableGraphqlTransformDirective

Type
boolean
Default value
false
Since
3.6.0

Whether the transform directive should be disabled for the GraphQL API.

::: code

php
->disableGraphqlTransformDirective(true)
shell
CRAFT_DISABLE_GRAPHQL_TRANSFORM_DIRECTIVE=1

:::

View source

disabledPlugins

Type
string[], string, null
Default value
null
Since
3.1.9

Array of plugin handles that should be disabled, regardless of what the project config says.

php
->disabledPlugins([
    'webhooks',
])

This can also be set to '*' to disable all plugins.

php
->disabledPlugins('*')

WARNING

This should not be set on a per-environment basis, as it could result in plugin schema version mismatches between environments, which will prevent project config changes from getting applied.

::: code

php
->disabledPlugins([
    'redactor',
    'webhooks',
])
shell
CRAFT_DISABLED_PLUGINS=redactor,webhooks

:::

View source

disabledUtilities

Type
string[]
Default value
[]
Since
4.6.0

Array of utility IDs that should be disabled.

::: code

php
 ->disabledUtilities([
     'updates',
     'find-replace',
 ])
shell
CRAFT_DISABLED_UTILITIES=updates,find-replace

:::

View source

disallowRobots

Type
boolean
Default value
false
Since
3.5.10

Whether front end requests should respond with X-Robots-Tag: none HTTP headers, indicating that pages should not be indexed, and links on the page should not be followed, by web crawlers.

TIP

This should be set to true for development and staging environments.

::: code

php
->disallowRobots(true)
shell
CRAFT_DISALLOW_ROBOTS=1

:::

View source

elevatedSessionDuration

Type
mixed
Default value
300 (5 minutes)

The amount of time a user’s elevated session will last, which is required for some sensitive actions (e.g. user group/permission assignment).

Set to 0 to disable elevated session support.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

::: code

php
->elevatedSessionDuration(0)
shell
CRAFT_ELEVATED_SESSION_DURATION=0

:::

View source

enableBasicHttpAuth

Type
boolean
Default value
false
Since
3.5.0

Whether front-end web requests should support basic HTTP authentication.

::: code

php
->enableBasicHttpAuth(true)
shell
CRAFT_ENABLE_BASIC_HTTP_AUTH=1

:::

View source

enableCsrfCookie

Type
boolean
Default value
true

Whether to use a cookie to persist the CSRF token if config4:enableCsrfProtection is enabled. If false, the CSRF token will be stored in session under the csrfTokenName config setting name. Note that while storing CSRF tokens in session increases security, it requires starting a session for every page that a CSRF token is needed, which may degrade site performance.

::: code

php
->enableCsrfCookie(false)
shell
CRAFT_ENABLE_CSRF_COOKIE=false

:::

See also enableCsrfProtection()

View source

enableCsrfProtection

Type
boolean
Default value
true

Whether to enable CSRF protection via hidden form inputs for all forms submitted via Craft.

::: code

php
->enableCsrfProtection(false)
shell
CRAFT_ENABLE_CSRF_PROTECTION=false

:::

See also:

View source

enableGql

Type
boolean
Default value
true
Since
3.3.1

Whether the GraphQL API should be enabled.

The GraphQL API is only available for Craft Pro.

::: code

php
->enableGql(false)
shell
CRAFT_ENABLE_GQL=false

:::

View source

enableGraphqlCaching

Type
boolean
Default value
true
Since
3.3.12

Whether Craft should cache GraphQL queries.

If set to true, Craft will cache the results for unique GraphQL queries per access token. The cache is automatically invalidated any time an element is saved, the site structure is updated, or a GraphQL schema is saved.

This setting will have no effect if a plugin is using the craft\services\Gql::EVENT_BEFORE_EXECUTE_GQL_QUERY event to provide its own caching logic and setting the result property.

::: code

php
->enableGraphqlCaching(false)
shell
CRAFT_ENABLE_GRAPHQL_CACHING=false

:::

View source

enableGraphqlIntrospection

Type
boolean
Default value
true
Since
3.6.0

Whether GraphQL introspection queries are allowed. Defaults to true and is always allowed in the control panel.

::: code

php
->enableGraphqlIntrospection(false)
shell
CRAFT_ENABLE_GRAPHQL_INTROSPECTION=false

:::

View source

enableTemplateCaching

Type
boolean
Default value
true

Whether to enable Craft’s template {% cache %} tag on a global basis.

::: code

php
->enableTemplateCaching(false)
shell
CRAFT_ENABLE_TEMPLATE_CACHING=false

:::

See also https://craftcms.com/docs/templating/cache

View source

errorTemplatePrefix

Type
string
Default value
''

The prefix that should be prepended to HTTP error status codes when determining the path to look for an error’s template.

If set to '_' your site’s 404 template would live at templates/_404.twig, for example.

::: code

php
->errorTemplatePrefix('_')
shell
CRAFT_ERROR_TEMPLATE_PREFIX=_

:::

View source

extraAllowedFileExtensions

Type
string[], null
Default value
null

List of file extensions that will be merged into the config4:allowedFileExtensions config setting.

::: code

php
->extraAllowedFileExtensions(['mbox', 'xml'])
shell
CRAFT_EXTRA_ALLOWED_FILE_EXTENSIONS=mbox,xml

:::

See also allowedFileExtensions()

View source

extraAppLocales

Type
string[], null
Default value
null
Since
3.0.24

List of extra locale IDs that the application should support, and users should be able to select as their Preferred Language.

::: code

php
->extraAppLocales(['uk'])
shell
CRAFT_EXTRA_APP_LOCALES=uk

:::

View source

extraFileKinds

Type
array
Default value
[]
Since
3.0.37

List of additional file kinds Craft should support. This array will get merged with the one defined in \craft\helpers\Assets::_buildFileKinds().

php
->extraFileKinds([
    // merge .psb into list of Photoshop file kinds
    'photoshop' => [
        'extensions' => ['psb'],
    ],
    // register new "Stylesheet" file kind
    'stylesheet' => [
        'label' => 'Stylesheet',
        'extensions' => ['css', 'less', 'pcss', 'sass', 'scss', 'styl'],
    ],
])

TIP

File extensions listed here won’t immediately be allowed to be uploaded. You will also need to list them with the config4:extraAllowedFileExtensions config setting.

View source

extraLastNamePrefixes

Type
string[]
Default value
[]
Since
4.3.0

Any additional last name prefixes that should be supported by the name parser.

::: code

php
->extraLastNamePrefixes(['Dal', 'Van Der'])
shell
CRAFT_EXTRA_LAST_NAME_PREFIXES="Dal,Van Der"

:::

View source

extraNameSalutations

Type
string[]
Default value
[]
Since
4.3.0

Any additional name salutations that should be supported by the name parser.

::: code

php
->extraNameSalutations(['Lady', 'Sire'])
shell
CRAFT_EXTRA_NAME_SALUTATIONS=Lady,Sire

:::

View source

extraNameSuffixes

Type
string[]
Default value
[]
Since
4.3.0

Any additional name suffixes that should be supported by the name parser.

::: code

php
->extraNameSuffixes(['CCNA', 'OBE'])
shell
CRAFT_EXTRA_NAME_SUFFIXES=CCNA,OBE

:::

View source

filenameWordSeparator

Type
string, false
Default value
'-'

The string to use to separate words when uploading assets. If set to false, spaces will be left alone.

::: code

php
->filenameWordSeparator(false)
shell
CRAFT_FILENAME_WORD_SEPARATOR=false

:::

View source

generateTransformsBeforePageLoad

Type
boolean
Default value
false

Whether image transforms should be generated before page load.

::: code

php
->generateTransformsBeforePageLoad(true)
shell
CRAFT_GENERATE_TRANSFORMS_BEFORE_PAGE_LOAD=1

:::

View source

gqlTypePrefix

Type
string
Default value
''

Prefix to use for all type names returned by GraphQL.

::: code

php
->gqlTypePrefix('craft_')
shell
CRAFT_GQL_TYPE_PREFIX=craft_

:::

View source

handleCasing

Type
string
Default value
self::CAMEL_CASE
Since
3.6.0

The casing to use for autogenerated component handles.

View source

headlessMode

Type
boolean
Default value
false
Since
3.3.0

Whether the system should run in Headless Mode, which optimizes the system and control panel for headless CMS implementations.

When this is enabled, the following changes will take place:

  • Template settings for sections and category groups will be hidden.
  • Template route management will be hidden.
  • Front-end routing will skip checks for element and template requests.
  • Front-end responses will be JSON-formatted rather than HTML by default.
  • Twig will be configured to escape unsafe strings for JavaScript/JSON rather than HTML by default for front-end requests.
  • The config4:loginPath, config4:logoutPath, config4:setPasswordPath, and config4:verifyEmailPath settings will be ignored.

TIP

With Headless Mode enabled, users may only set passwords and verify email addresses via the control panel. Be sure to grant “Access the control panel” permission to all content editors and administrators. You’ll also need to set the config4:baseCpUrl config setting if the control panel is located on a different domain than your front end.

::: code

php
->headlessMode(true)
shell
CRAFT_HEADLESS_MODE=1

:::

View source

httpProxy

Type
string, null
Default value
null
Since
3.7.0

The proxy server that should be used for outgoing HTTP requests.

This can be set to a URL (http://localhost) or a URL plus a port (http://localhost:8125).

::: code

php
->httpProxy('http://localhost')
shell
CRAFT_HTTP_PROXY=http://localhost

:::

View source

imageDriver

Type
mixed
Default value
self::IMAGE_DRIVER_AUTO

The image driver Craft should use to cleanse and transform images. By default Craft will use ImageMagick if it’s installed and otherwise fall back to GD. You can explicitly set either 'imagick' or 'gd' here to override that behavior.

::: code

php
->imageDriver('imagick')
shell
CRAFT_IMAGE_DRIVER=imagick

:::

View source

imageEditorRatios

Type
array
Default value
[ 'Unconstrained' => 'none', 'Original' => 'original', 'Square' => 1, '16:9' => 1.78, '10:8' => 1.25, '7:5' => 1.4, '4:3' => 1.33, '5:3' => 1.67, '3:2' => 1.5, ]

An array containing the selectable image aspect ratios for the image editor. The array must be in the format of label => ratio, where ratio must be a float or a string. For string values, only values of “none” and “original” are allowed.

php
->imageEditorRatios([
    'Unconstrained' => 'none',
    'Original' => 'original',
    'Square' => 1,
    'IMAX' => 1.9,
    'Widescreen' => 1.78,
])

View source

indexTemplateFilenames

Type
string[]
Default value
[ 'index', ]

The template filenames Craft will look for within a directory to represent the directory’s “index” template when matching a template path to a file on the front end.

::: code

php
->indexTemplateFilenames(['index', 'default'])
shell
CRAFT_INDEX_TEMPLATE_FILENAMES=index,default

:::

View source

invalidLoginWindowDuration

Type
mixed
Default value
3600 (1 hour)

The amount of time to track invalid login attempts for a user, for determining if Craft should lock an account.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

::: code

php
// 1 day
->invalidLoginWindowDuration(86400)
shell
# 1 day
CRAFT_INVALID_LOGIN_WINDOW_DURATION=86400

:::

View source

invalidUserTokenPath

Type
mixed
Default value
''

The URI Craft should redirect to when user token validation fails. A token is used on things like setting and resetting user account passwords. Note that this only affects front-end site requests.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

::: code

php
// 1 day
->invalidUserTokenPath('nope')
shell
# 1 day
CRAFT_INVALID_USER_TOKEN_PATH=nope

:::

See also getInvalidUserTokenPath()

View source

ipHeaders

Type
string[], null
Default value
null

List of headers where proxies store the real client IP.

See yii\web\Request::$ipHeaders for more details.

If not set, the default craft\web\Request::$ipHeaders value will be used.

::: code

php
->ipHeaders(['X-Forwarded-For', 'CF-Connecting-IP'])
shell
CRAFT_IP_HEADERS=X-Forwarded-For,CF-Connecting-IP

:::

View source

isSystemLive

Type
boolean, null
Default value
null

Whether the site is currently live. If set to true or false, it will take precedence over the System Status setting in Settings → General.

::: code

php
->isSystemLive(true)
shell
CRAFT_IS_SYSTEM_LIVE=true

:::

View source

limitAutoSlugsToAscii

Type
boolean
Default value
false

Whether non-ASCII characters in auto-generated slugs should be converted to ASCII (i.e. ñ → n).

TIP

This only affects the JavaScript auto-generated slugs. Non-ASCII characters can still be used in slugs if entered manually.

::: code

php
->limitAutoSlugsToAscii(true)
shell
CRAFT_LIMIT_AUTO_SLUGS_TO_ASCII=1

:::

View source

loginPath

Type
mixed
Default value
'login'

The URI Craft should use for user login on the front end.

This can be set to false to disable front-end login.

Note that this config setting is ignored when config4:headlessMode is enabled.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

::: code

php
->loginPath(false)
shell
CRAFT_LOGIN_PATH=false

:::

See also getLoginPath()

View source

logoutPath

Type
mixed
Default value
'logout'

The URI Craft should use for user logout on the front end.

This can be set to false to disable front-end logout.

Note that this config setting is ignored when config4:headlessMode is enabled.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

::: code

php
->logoutPath(false)
shell
CRAFT_LOGOUT_PATH=false

:::

See also getLogoutPath()

View source

maxBackups

Type
integer, false
Default value
20

The number of backups Craft should make before it starts deleting the oldest backups. If set to false, Craft will not delete any backups.

::: code

php
->maxBackups(5)
shell
CRAFT_MAX_BACKUPS=5

:::

View source

maxCachedCloudImageSize

Type
integer
Default value
2000

The maximum dimension size to use when caching images from external sources to use in transforms. Set to 0 to never cache them.

::: code

php
->maxCachedCloudImageSize(0)
shell
CRAFT_MAX_CACHED_CLOUD_IMAGE_SIZE=0

:::

View source

maxGraphqlBatchSize

Type
integer
Default value
0
Since
4.5.5

The maximum allowed GraphQL queries that can be executed in a single batched request. Set to 0 to allow any number of queries.

::: code

php
->maxGraphqlBatchSize(5)
shell
CRAFT_MAX_GRAPHQL_BATCH_SIZE=5

:::

View source

maxGraphqlComplexity

Type
integer
Default value
0
Since
3.6.0

The maximum allowed complexity a GraphQL query is allowed to have. Set to 0 to allow any complexity.

::: code

php
->maxGraphqlComplexity(500)
shell
CRAFT_MAX_GRAPHQL_COMPLEXITY=500

:::

View source

maxGraphqlDepth

Type
integer
Default value
0
Since
3.6.0

The maximum allowed depth a GraphQL query is allowed to reach. Set to 0 to allow any depth.

::: code

php
->maxGraphqlDepth(5)
shell
CRAFT_MAX_GRAPHQL_DEPTH=5

:::

View source

maxGraphqlResults

Type
integer
Default value
0
Since
3.6.0

The maximum allowed results for a single GraphQL query. Set to 0 to disable any limits.

::: code

php
->maxGraphqlResults(100)
shell
CRAFT_MAX_GRAPHQL_RESULTS=100

:::

View source

maxInvalidLogins

Type
integer, false
Default value
5

The number of invalid login attempts Craft will allow within the specified duration before the account gets locked.

::: code

php
->maxInvalidLogins(3)
shell
CRAFT_MAX_INVALID_LOGINS=3

:::

View source

maxRevisions

Type
integer, null
Default value
50
Since
3.2.0

The maximum number of revisions that should be stored for each element.

Set to 0 if you want to store an unlimited number of revisions.

::: code

php
->maxRevisions(25)
shell
CRAFT_MAX_REVISIONS=25

:::

View source

maxSlugIncrement

Type
integer
Default value
100

The highest number Craft will tack onto a slug in order to make it unique before giving up and throwing an error.

::: code

php
->maxSlugIncrement(10)
shell
CRAFT_MAX_SLUG_INCREMENT=10

:::

View source

maxUploadFileSize

Type
integer, string
Default value
16777216 (16MB)

The maximum upload file size allowed.

See craft\helpers\ConfigHelper::sizeInBytes() for a list of supported value types.

::: code

php
// 25MB
->maxUploadFileSize(26214400)
shell
# 25MB
CRAFT_MAX_UPLOAD_FILE_SIZE=26214400

:::

View source

omitScriptNameInUrls

Type
boolean
Default value
false

Whether generated URLs should omit index.php (e.g. http://my-project.tld/path instead of http://my-project.tld/index.php/path)

This can only be possible if your server is configured to redirect would-be 404s to index.php, for example, with the redirect found in the .htaccess file that came with Craft:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.+) /index.php?p=$1 [QSA,L]

::: code

php
->omitScriptNameInUrls(true)
shell
CRAFT_OMIT_SCRIPT_NAME_IN_URLS=1

:::

TIP

Even when this is set to true, the script name could still be included in some action URLs. If you want to ensure that index.php is fully omitted from all generated URLs, set the config4:pathParam config setting to null.

View source

optimizeImageFilesize

Type
boolean
Default value
true

Whether Craft should optimize images for reduced file sizes without noticeably reducing image quality. (Only supported when ImageMagick is used.)

::: code

php
->optimizeImageFilesize(false)
shell
CRAFT_OPTIMIZE_IMAGE_FILESIZE=1

:::

See also imageDriver()

View source

pageTrigger

Type
string
Default value
'p'

The string preceding a number which Craft will look for when determining if the current request is for a particular page in a paginated list of pages.

Example ValueExample URI
p/news/p5
page/news/page5
page//news/page/5
?page/news?page=5

TIP

If you want to set this to ?p (e.g. /news?p=5), you’ll also need to change your config4:pathParam setting which defaults to p. If your server is running Apache, you’ll need to update the redirect code in your .htaccess file to match your new pathParam value.

::: code

php
->pageTrigger('page')
shell
CRAFT_PAGE_TRIGGER=page

:::

See also getPageTrigger()

View source

passwordPath

Type
mixed
Default value
null
Access
Write-only
Since
4.2.0

View source

passwordRequestPath

Type
mixed
Default value
null
Access
Write-only
Since
4.2.0

View source

passwordSuccessPath

Type
mixed
Default value
null
Access
Write-only
Since
4.2.0

View source

pathParam

Type
string, null
Default value
'p'

The query string param that Craft will check when determining the request’s path.

This can be set to null if your web server is capable of directing traffic to index.php without a query string param. If you’re using Apache, that means you’ll need to change the RewriteRule line in your .htaccess file to:

RewriteRule (.+) index.php [QSA,L]

::: code

php
->pathParam(null)
shell
CRAFT_PATH_PARAM=

:::

View source

permissionsPolicyHeader

Type
string, null
Default value
null
Since
3.6.14

The Permissions-Policy header that should be sent for web responses.

::: code

php
->permissionsPolicyHeader('Permissions-Policy: geolocation=(self)')
shell
CRAFT_PERMISSIONS_POLICY_HEADER=Permissions-Policy: geolocation=(self)

:::

View source

phpMaxMemoryLimit

Type
string, null
Default value
null

The maximum amount of memory Craft will try to reserve during memory-intensive operations such as zipping, unzipping and updating. Defaults to an empty string, which means it will use as much memory as it can.

See https://php.net/manual/en/faq.using.php#faq.using.shorthandbytes for a list of acceptable values.

::: code

php
->phpMaxMemoryLimit('512M')
shell
CRAFT_PHP_MAX_MEMORY_LIMIT=512M

:::

View source

phpSessionName

Type
string
Default value
'CraftSessionId'

The name of the PHP session cookie.

::: code

php
->phpSessionName(null)
shell
CRAFT_PHP_SESSION_NAME=

:::

See also https://php.net/manual/en/function.session-name.php

View source

postCpLoginRedirect

Type
mixed
Default value
'dashboard'

The path users should be redirected to after logging into the control panel.

This setting will also come into effect if a user visits the control panel’s login page (/admin/login) or the control panel’s root URL (/admin) when they are already logged in.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

::: code

php
->postCpLoginRedirect('entries')
shell
CRAFT_POST_CP_LOGIN_REDIRECT=entries

:::

See also getPostCpLoginRedirect()

View source

postLoginRedirect

Type
mixed
Default value
''

The path users should be redirected to after logging in from the front-end site.

This setting will also come into effect if the user visits the login page (as specified by the config4:loginPath config setting) when they are already logged in.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

::: code

php
->postLoginRedirect('welcome')
shell
CRAFT_POST_LOGIN_REDIRECT=welcome

:::

See also getPostLoginRedirect()

View source

postLogoutRedirect

Type
mixed
Default value
''

The path that users should be redirected to after logging out from the front-end site.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

::: code

php
->postLogoutRedirect('goodbye')
shell
CRAFT_POST_LOGOUT_REDIRECT=goodbye

:::

See also getPostLogoutRedirect()

View source

prefixGqlRootTypes

Type
boolean
Default value
true
Since
3.6.6

Whether the config4:gqlTypePrefix config setting should have an impact on query, mutation, and subscription types.

::: code

php
->prefixGqlRootTypes(false)
shell
CRAFT_PREFIX_GQL_ROOT_TYPES=false

:::

View source

preloadSingles

Type
boolean
Default value
false
Since
4.4.0

Whether Single section entries should be preloaded for Twig templates.

When enabled, Craft will make an educated guess on which Singles should be preloaded for each template based on the variable names that are referenced.

WARNING

You will need to clear your compiled templates from the Caches utility before this setting will take effect.

::: code

php
->preloadSingles()
shell
CRAFT_PRELOAD_SINGLES=true

:::

View source

preserveCmykColorspace

Type
boolean
Default value
false
Since
3.0.8

Whether CMYK should be preserved as the colorspace when manipulating images.

Setting this to true will prevent Craft from transforming CMYK images to sRGB, but on some ImageMagick versions it can cause image color distortion. This will only have an effect if ImageMagick is in use.

::: code

php
->preserveCmykColorspace(true)
shell
CRAFT_PRESERVE_CMYK_COLORSPACE=1

:::

View source

preserveExifData

Type
boolean
Default value
false

Whether the EXIF data should be preserved when manipulating and uploading images.

Setting this to true will result in larger image file sizes.

This will only have effect if ImageMagick is in use.

::: code

php
->preserveExifData(true)
shell
CRAFT_PRESERVE_EXIF_DATA=1

:::

View source

preserveImageColorProfiles

Type
boolean
Default value
true

Whether the embedded Image Color Profile (ICC) should be preserved when manipulating images.

Setting this to false will reduce the image size a little bit, but on some ImageMagick versions can cause images to be saved with an incorrect gamma value, which causes the images to become very dark. This will only have effect if ImageMagick is in use.

::: code

php
->preserveImageColorProfiles(false)
shell
CRAFT_PRESERVE_IMAGE_COLOR_PROFILES=false

:::

View source

preventUserEnumeration

Type
boolean
Default value
false

When true, Craft will always return a successful response in the “forgot password” flow, making it difficult to enumerate users.

When set to false and you go through the “forgot password” flow from the control panel login page, you’ll get distinct messages indicating whether the username/email exists and whether an email was sent with further instructions. This can be helpful for the user attempting to log in but allow for username/email enumeration based on the response.

::: code

php
->preventUserEnumeration(true)
shell
CRAFT_PREVENT_USER_ENUMERATION=1

:::

View source

previewIframeResizerOptions

Type
array
Default value
[]
Since
3.5.0

Custom iFrame Resizer options that should be used for preview iframes.

php
->previewIframeResizerOptions([
    'autoResize' => false,
])

View source

previewTokenDuration

Type
mixed
Default value
null (1 day)
Since
3.7.0

The amount of time content preview tokens can be used before expiring.

Defaults to config4:defaultTokenDuration value.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

::: code

php
// 1 hour
->previewTokenDuration(3600)
shell
# 1 hour
CRAFT_PREVIEW_TOKEN_DURATION=3600

:::

View source

privateTemplateTrigger

Type
string
Default value
'_'

The template path segment prefix that should be used to identify “private” templates, which are templates that are not directly accessible via a matching URL.

Set to an empty value to disable public template routing.

::: code

php
->privateTemplateTrigger('')
shell
CRAFT_PRIVATE_TEMPLATE_TRIGGER=

:::

View source

purgePendingUsersDuration

Type
mixed
Default value
0

The amount of time to wait before Craft purges pending users from the system that have not activated.

Any content assigned to a pending user will be deleted as well when the given time interval passes.

Set to 0 to disable this feature.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

TIP

Users will only be purged when garbage collection is run.

::: code

php
// 2 weeks
->purgePendingUsersDuration(1209600)
shell
# 2 weeks
CRAFT_PURGE_PENDING_USERS_DURATION=1209600

:::

View source

purgeStaleUserSessionDuration

Type
mixed
Default value
7776000 (90 days)
Since
3.3.0

The amount of time to wait before Craft purges stale user sessions from the sessions table in the database.

Set to 0 to disable this feature.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

::: code

php
// 1 week
->purgeStaleUserSessionDuration(604800)
shell
# 1 week
CRAFT_PURGE_STALE_USER_SESSION_DURATION=604800

:::

View source

purgeUnsavedDraftsDuration

Type
mixed
Default value
2592000 (30 days)
Since
3.2.0

The amount of time to wait before Craft purges unpublished drafts that were never updated with content.

Set to 0 to disable this feature.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

::: code

php
->purgeUnsavedDraftsDuration(0)
shell
CRAFT_PURGE_UNSAVED_DRAFTS_DURATION=0

:::

View source

rasterizeSvgThumbs

Type
boolean
Default value
false
Since
3.6.0

Whether SVG thumbnails should be rasterized.

This will only work if ImageMagick is installed, and config4:imageDriver is set to either auto or imagick.

::: code

php
->rasterizeSvgThumbs(true)
shell
CRAFT_RASTERIZE_SVG_THUMBS=1

:::

View source

rememberUsernameDuration

Type
mixed
Default value
31536000 (1 year)

The amount of time Craft will remember a username and pre-populate it on the control panel’s Login page.

Set to 0 to disable this feature altogether.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

::: code

php
->rememberUsernameDuration(0)
shell
CRAFT_REMEMBER_USERNAME_DURATION=0

:::

View source

rememberedUserSessionDuration

Type
mixed
Default value
1209600 (14 days)

The amount of time a user stays logged if “Remember Me” is checked on the login page.

Set to 0 to disable the “Remember Me” feature altogether.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

::: code

php
->rememberedUserSessionDuration(0)
shell
CRAFT_REMEMBERED_USER_SESSION_DURATION=0

:::

View source

requireMatchingUserAgentForSession

Type
boolean
Default value
true

Whether Craft should require a matching user agent string when restoring a user session from a cookie.

::: code

php
->requireMatchingUserAgentForSession(false)
shell
CRAFT_REQUIRE_MATCHING_USER_AGENT_FOR_SESSION=false

:::

View source

requireUserAgentAndIpForSession

Type
boolean
Default value
true

Whether Craft should require the existence of a user agent string and IP address when creating a new user session.

::: code

php
->requireUserAgentAndIpForSession(false)
shell
CRAFT_REQUIRE_USER_AGENT_AND_IP_FOR_SESSION=false

:::

View source

resourceBasePath

Type
string
Default value
'@webroot/cpresources'

The path to the root directory that should store published control panel resources.

::: code

php
->resourceBasePath('@webroot/craft-resources')
shell
CRAFT_RESOURCE_BASE_PATH=@webroot/craft-resources

:::

View source

resourceBaseUrl

Type
string
Default value
'@web/cpresources'

The URL to the root directory that should store published control panel resources.

::: code

php
->resourceBaseUrl('@web/craft-resources')
shell
CRAFT_RESOURCE_BASE_URL=@web/craft-resources

:::

View source

restoreCommand

Type
string, null, false
Default value
null

The shell command Craft should execute to restore a database backup.

By default Craft will run mysql or psql, provided those libraries are in the $PATH variable for the user the web server is running as.

There are several tokens you can use that Craft will swap out at runtime:

  • {path} - the backup file path
  • {port} - the current database port
  • {server} - the current database hostname
  • {user} - the user to connect to the database
  • {database} - the current database name
  • {schema} - the current database schema (if any)

This can also be set to false to disable database restores completely.

::: code

php
->restoreCommand(false)
shell
CRAFT_RESTORE_COMMAND=false

:::

View source

revAssetUrls

Type
boolean
Default value
false
Since
3.7.0

Whether asset URLs should be revved so browsers don’t load cached versions when they’re modified.

::: code

php
->revAssetUrls(true)
shell
CRAFT_REV_ASSET_URLS=1

:::

View source

rotateImagesOnUploadByExifData

Type
boolean
Default value
true

Whether Craft should rotate images according to their EXIF data on upload.

::: code

php
->rotateImagesOnUploadByExifData(false)
shell
CRAFT_ROTATE_IMAGES_ON_UPLOAD_BY_EXIF_DATA=false

:::

View source

runQueueAutomatically

Type
boolean
Default value
true

Whether Craft should run pending queue jobs automatically when someone visits the control panel.

If disabled, an alternate queue worker must be set up separately, either as an always-running daemon, or a cron job that runs the queue/run command every minute:

cron
* * * * * /path/to/project/craft queue/run

TIP

This setting should be disabled for servers running Win32, or with Apache’s mod_deflate/mod_gzip installed, where PHP’s flush() method won’t work.

::: code

php
->runQueueAutomatically(false)
shell
CRAFT_RUN_QUEUE_AUTOMATICALLY=false

:::

View source

sameSiteCookieValue

Type
string, null
Default value
null
Since
3.1.33

The SameSite value that should be set on Craft cookies, if any.

View source

sanitizeCpImageUploads

Type
boolean
Default value
true
Since
3.6.0

Whether images uploaded via the control panel should be sanitized.

::: code

php
->sanitizeCpImageUploads(false)
shell
CRAFT_SANITIZE_CP_IMAGE_UPLOADS=false

:::

View source

sanitizeSvgUploads

Type
boolean
Default value
true

Whether Craft should sanitize uploaded SVG files and strip out potential malicious-looking content.

This should definitely be enabled if you are accepting SVG uploads from untrusted sources.

::: code

php
->sanitizeSvgUploads(false)
shell
CRAFT_SANITIZE_SVG_UPLOADS=false

:::

View source

secureHeaders

Type
array, null
Default value
null

Lists of headers that are, by default, subject to the trusted host configuration.

See yii\web\Request::$secureHeaders for more details.

If not set, the default yii\web\Request::$secureHeaders value will be used.

::: code

php
->secureHeaders([
    'X-Forwarded-For',
    'X-Forwarded-Host',
    'X-Forwarded-Proto',
    'X-Rewrite-Url',
    'X-Original-Host',
    'CF-Connecting-IP',
])
shell
CRAFT_SECURE_HEADERS=X-Forwarded-For,X-Forwarded-Host,X-Forwarded-Proto,X-Rewrite-Url,X-Original-Host,CF-Connecting-IP

:::

View source

secureProtocolHeaders

Type
array, null
Default value
null

List of headers to check for determining whether the connection is made via HTTPS.

See yii\web\Request::$secureProtocolHeaders for more details.

If not set, the default yii\web\Request::$secureProtocolHeaders value will be used.

php
->secureProtocolHeaders([
    'X-Forwarded-Proto' => [
        'https',
    ],
    'Front-End-Https' => [
        'on',
    ],
    'CF-Visitor' => [
        '{\"scheme\":\"https\"}',
    ],
])

View source

securityKey

Type
string
Default value
''

A private, random, cryptographically-secure key that is used for hashing and encrypting data in craft\services\Security.

This value should be the same across all environments. If this key ever changes, any data that was encrypted with it will be inaccessible.

php
->securityKey('2cf24dba5...')

View source

sendContentLengthHeader

Type
boolean
Default value
false
Since
3.7.3

Whether a Content-Length header should be sent with responses.

::: code

php
->sendContentLengthHeader(true)
shell
CRAFT_SEND_CONTENT_LENGTH_HEADER=1

:::

View source

sendPoweredByHeader

Type
boolean
Default value
true

Whether an X-Powered-By: Craft CMS header should be sent, helping services like BuiltWith and Wappalyzer identify that the site is running on Craft.

::: code

php
->sendPoweredByHeader(false)
shell
CRAFT_SEND_POWERED_BY_HEADER=false

:::

View source

setGraphqlDatesToSystemTimeZone

Type
boolean
Default value
false
Since
3.7.0

Whether dates returned by the GraphQL API should be set to the system time zone by default, rather than UTC.

::: code

php
->setGraphqlDatesToSystemTimeZone(true)
shell
CRAFT_SET_GRAPHQL_DATES_TO_SYSTEM_TIMEZONE=1

:::

View source

setPasswordPath

Type
mixed
Default value
'setpassword'

The URI or URL that Craft should use for Set Password forms on the front end.

This setting is ignored when config4:headlessMode is enabled, unless it’s set to an absolute URL.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

TIP

You might also want to set config4:invalidUserTokenPath in case a user clicks on an expired password reset link.

::: code

php
->setPasswordPath('set-password')
shell
CRAFT_SET_PASSWORD_PATH=set-password

:::

See also getSetPasswordPath()

View source

setPasswordRequestPath

Type
mixed
Default value
null
Since
3.5.14

The URI to the page where users can request to change their password.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

If this is set, Craft will redirect .well-known/change-password requests to this URI.

TIP

You’ll also need to set setPasswordPath, which determines the URI and template path for the Set Password form where the user resets their password after following the link in the Password Reset email.

::: code

php
->setPasswordRequestPath('request-password')
shell
CRAFT_SET_PASSWORD_REQUEST_PATH=request-password

:::

See also getSetPasswordRequestPath()

View source

setPasswordSuccessPath

Type
mixed
Default value
''

The URI Craft should redirect users to after setting their password from the front end.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

::: code

php
->setPasswordSuccessPath('password-set')
shell
CRAFT_SET_PASSWORD_SUCCESS_PATH=password-set

:::

See also getSetPasswordSuccessPath()

View source

showFirstAndLastNameFields

Type
boolean
Default value
false
Since
4.6.0

Whether “First Name” and “Last Name” fields should be shown in place of “Full Name” fields.

::: code

php
->showFirstAndLastNameFields()
shell
CRAFT_SHOW_FIRST_AND_LAST_NAME_FIELDS=true

:::

View source

siteToken

Type
string
Default value
'siteToken'
Since
3.5.0

The query string parameter name that site tokens should be set to.

::: code

php
->siteToken('t')
shell
CRAFT_SITE_TOKEN=t

:::

View source

slugWordSeparator

Type
string
Default value
'-'

The character(s) that should be used to separate words in slugs.

::: code

php
->slugWordSeparator('.')
shell
CRAFT_SLUG_WORD_SEPARATOR=.

:::

View source

softDeleteDuration

Type
mixed
Default value
2592000 (30 days)
Since
3.1.0

The amount of time before a soft-deleted item will be up for hard-deletion by garbage collection.

Set to 0 if you don’t ever want to delete soft-deleted items.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

::: code

php
->softDeleteDuration(0)
shell
CRAFT_SOFT_DELETE_DURATION=0

:::

View source

storeUserIps

Type
boolean
Default value
false
Since
3.1.0

Whether user IP addresses should be stored/logged by the system.

::: code

php
->storeUserIps(true)
shell
CRAFT_STORE_USER_IPS=1

:::

View source

testToEmailAddress

Type
string, array, null, false
Default value
null

Configures Craft to send all system emails to either a single email address or an array of email addresses for testing purposes.

By default, the recipient name(s) will be “Test Recipient”, but you can customize that by setting the value with the format ['me@domain.tld' => 'Name'].

::: code

php
->testToEmailAddress('me@domain.tld')
shell
CRAFT_TEST_TO_EMAIL_ADDRESS=me@domain.tld

:::

View source

timezone

Type
string, null
Default value
null

The timezone of the site. If set, it will take precedence over the Timezone setting in Settings → General.

This can be set to one of PHP’s supported timezones.

::: code

php
->timezone('Europe/London')
shell
CRAFT_TIMEZONE=Europe/London

:::

View source

tokenParam

Type
string
Default value
'token'

The query string parameter name that Craft tokens should be set to.

::: code

php
->tokenParam('t')
shell
CRAFT_TOKEN_PARAM=t

:::

View source

transformGifs

Type
boolean
Default value
true
Since
3.0.7

Whether GIF files should be cleansed/transformed.

::: code

php
->transformGifs(false)
shell
CRAFT_TRANSFORM_GIFS=false

:::

View source

transformSvgs

Type
boolean
Default value
true
Since
3.7.1

Whether SVG files should be transformed.

::: code

php
->transformSvgs(false)
shell
CRAFT_TRANSFORM_SVGS=false

:::

View source

translationDebugOutput

Type
boolean
Default value
false

Whether translated messages should be wrapped in special characters to help find any strings that are not being run through Craft::t() or the |translate filter.

::: code

php
->translationDebugOutput(true)
shell
CRAFT_TRANSLATION_DEBUG_OUTPUT=1

:::

View source

trustedHosts

Type
array
Default value
[ 'any', ]

The configuration for trusted security-related headers.

See yii\web\Request::$trustedHosts for more details.

By default, all hosts are trusted.

::: code

php
->trustedHosts(['trusted-one.foo', 'trusted-two.foo'])
shell
CRAFT_TRUSTED_HOSTS=trusted-one.foo,trusted-two.foo

:::

View source

upscaleImages

Type
boolean
Default value
true
Since
3.4.0

Whether image transforms should allow upscaling by default, for images that are smaller than the transform dimensions.

::: code

php
->upscaleImages(false)
shell
CRAFT_UPSCALE_IMAGES=false

:::

View source

useEmailAsUsername

Type
boolean
Default value
false

Whether Craft should set users’ usernames to their email addresses, rather than let them set their username separately.

If you enable this setting after user accounts already exist, run this terminal command to update existing usernames:

bash
php craft utils/update-usernames

::: code

php
->useEmailAsUsername(true)
shell
CRAFT_USE_EMAIL_AS_USERNAME=1

:::

View source

useFileLocks

Type
boolean, null
Default value
null

Whether to grab an exclusive lock on a file when writing to it by using the LOCK_EX flag.

Some file systems, such as NFS, do not support exclusive file locking.

If null, Craft will try to detect if the underlying file system supports exclusive file locking and cache the results.

::: code

php
->useFileLocks(false)
shell
CRAFT_USE_FILE_LOCKS=false

:::

See also https://php.net/manual/en/function.file-put-contents.php

View source

useIframeResizer

Type
boolean
Default value
false
Since
3.5.5

Whether iFrame Resizer options should be used for Live Preview.

Using iFrame Resizer makes it possible for Craft to retain the preview’s scroll position between page loads, for cross-origin web pages.

It works by setting the height of the iframe to match the height of the inner web page, and the iframe’s container will be scrolled rather than the iframe document itself. This can lead to some unexpected CSS issues, however, because the previewed viewport height will be taller than the visible portion of the iframe.

If you have a decoupled front end, you will need to include iframeResizer.contentWindow.min.js on your page as well for this to work. You can conditionally include it for only Live Preview requests by checking if the requested URL contains a x-craft-live-preview query string parameter.

TIP

You can customize the behavior of iFrame Resizer via the config4:previewIframeResizerOptions config setting.

::: code

php
->useIframeResizer(true)
shell
CRAFT_USE_IFRAME_RESIZER=1

:::

View source

usePathInfo

Type
boolean
Default value
false

Whether Craft should specify the path using PATH_INFO or as a query string parameter when generating URLs.

This setting only takes effect if config4:omitScriptNameInUrls is set to false.

::: code

php
->usePathInfo(true)
shell
CRAFT_USE_PATH_INFO=1

:::

View source

useSecureCookies

Type
boolean, string
Default value
'auto'

Whether Craft will set the “secure” flag when saving cookies when using Craft::cookieConfig() to create a cookie.

Valid values are true, false, and 'auto'. Defaults to 'auto', which will set the secure flag if the page you’re currently accessing is over https://. true will always set the flag, regardless of protocol and false will never automatically set the flag.

::: code

php
->useSecureCookies(true)
shell
CRAFT_USE_SECURE_COOKIES=1

:::

View source

useSslOnTokenizedUrls

Type
boolean, string
Default value
'auto'

Determines what protocol/schema Craft will use when generating tokenized URLs. If set to 'auto', Craft will check the current site’s base URL and the protocol of the current request and if either of them are HTTPS will use https in the tokenized URL. If not, will use http.

If set to false, Craft will always use http. If set to true, then, Craft will always use https.

::: code

php
->useSslOnTokenizedUrls(true)
shell
CRAFT_USE_SSL_ON_TOKENIZED_URLS=1

:::

View source

userSessionDuration

Type
mixed
Default value
3600 (1 hour)

The amount of time before a user will get logged out due to inactivity.

Set to 0 if you want users to stay logged in as long as their browser is open rather than a predetermined amount of time.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

::: code

php
// 3 hours
->userSessionDuration(10800)
shell
# 3 hours
CRAFT_USER_SESSION_DURATION=10800

:::

View source

verificationCodeDuration

Type
mixed
Default value
86400 (1 day)

The amount of time a user verification code can be used before expiring.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

::: code

php
// 1 hour
->verificationCodeDuration(3600)
shell
# 1 hour
CRAFT_VERIFICATION_CODE_DURATION=3600

:::

View source

verifyEmailPath

Type
mixed
Default value
'verifyemail'
Since
3.4.0

The URI or URL that Craft should use for email verification links on the front end.

This setting is ignored when config4:headlessMode is enabled, unless it’s set to an absolute URL.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

::: code

php
->verifyEmailPath('verify-email')
shell
CRAFT_VERIFY_EMAIL_PATH=verify-email

:::

See also getVerifyEmailPath()

View source

verifyEmailSuccessPath

Type
mixed
Default value
''
Since
3.1.20

The URI that users without access to the control panel should be redirected to after verifying a new email address.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

::: code

php
->verifyEmailSuccessPath('verified-email')
shell
CRAFT_VERIFY_EMAIL_SUCCESS_PATH=verified-email

:::

See also getVerifyEmailSuccessPath()

View source

Protected Properties

PropertyDescription
filenamestring, null – The config filename
renamedSettings

filename

Type
string, null
Default value
\craft\services\Config::CATEGORY_GENERAL

The config filename

View source

renamedSettings

Default value
[ 'activateAccountFailurePath' => 'invalidUserTokenPath', 'allowAutoUpdates' => 'allowUpdates', 'backupDbOnUpdate' => 'backupOnUpdate', 'defaultFilePermissions' => 'defaultFileMode', 'defaultFolderPermissions' => 'defaultDirMode', 'enableGraphQlCaching' => 'enableGraphqlCaching', 'environmentVariables' => 'aliases', 'isSystemOn' => 'isSystemLive', 'restoreDbOnUpdateFailure' => 'restoreOnUpdateFailure', 'useWriteFileLock' => 'useFileLocks', 'validationKey' => 'securityKey', ]

View source

Public Methods

MethodDescription
__call()Calls the named method which is not a class method.
__clone()
__construct()
__get()Returns the value of a component property.
__isset()Checks if a property is set, i.e. defined and not null.
__set()Sets the value of a component property.
__unset()Sets a component property to be null.
accessibilityDefaults()The default user accessibility preferences that should be applied to users that haven’t saved their preferences yet.
actionTrigger()The URI segment Craft should look for when determining if the current request should be routed to a controller action.
activateAccountSuccessPath()The URI that users without access to the control panel should be redirected to after activating their account.
activeAttributes()Returns the attribute names that are subject to validation in the current scenario.
addError()Adds a new error to the specified attribute.
addErrors()Adds a list of errors.
addModelErrors()Adds errors from another model, with a given attribute name prefix.
addTrailingSlashesToUrls()Whether auto-generated URLs should have trailing slashes.
afterValidate()This method is invoked after validation ends.
aliases()Any custom Yii aliases that should be defined for every request.
allowAdminChanges()Whether admins should be allowed to make administrative changes to the system.
allowSimilarTags()Whether users should be allowed to create similarly-named tags.
allowUpdates()Whether Craft should allow system and plugin updates in the control panel, and plugin installation from the Plugin Store.
allowUppercaseInSlug()Whether uppercase letters should be allowed in slugs.
allowedFileExtensions()The file extensions Craft should allow when a user is uploading files.
allowedGraphqlOrigins()The Ajax origins that should be allowed to access the GraphQL API, if enabled.
attachBehavior()Attaches a behavior to this component.
attachBehaviors()Attaches a list of behaviors to the component.
attributeHints()Returns the attribute hints.
attributeLabels()Returns the attribute labels.
attributes()Returns the list of attribute names.
autoLoginAfterAccountActivation()Whether users should automatically be logged in after activating their account or resetting their password.
backupCommand()The shell command that Craft should execute to create a database backup.
backupOnUpdate()Whether Craft should create a database backup before applying a new system update.
baseCpUrl()The base URL Craft should use when generating control panel URLs.
beforeValidate()This method is invoked before validation starts.
behaviors()Returns a list of behaviors that this component should behave as.
blowfishHashCost()The higher the cost value, the longer it takes to generate a password hash and to verify against it.
brokenImagePath()The server path to an image file that should be sent when responding to an image request with a 404 status code.
buildId()A unique ID representing the current build of the codebase.
cacheDuration()The default length of time Craft will store data, RSS feed, and template caches.
canGetProperty()Returns a value indicating whether a property can be read.
canSetProperty()Returns a value indicating whether a property can be set.
className()Returns the fully qualified name of this class.
clearErrors()Removes errors for all attributes or a single attribute.
convertFilenamesToAscii()Whether uploaded filenames with non-ASCII characters should be converted to ASCII (i.e. ñn).
cooldownDuration()The amount of time a user must wait before re-attempting to log in after their account is locked due to too many failed login attempts.
cpHeadTags()List of additional HTML tags that should be included in the <head> of control panel pages.
cpTrigger()The URI segment Craft should look for when determining if the current request should route to the control panel rather than the front-end website.
create()Factory method for creating new config objects.
createValidators()Creates validator objects based on the validation rules specified in rules().
csrfTokenName()The name of CSRF token used for CSRF validation if config4:enableCsrfProtection is set to true.
datetimeAttributes()Returns the names of any attributes that should hold DateTime values.
defaultCookieDomain()The domain that cookies generated by Craft should be created for. If blank, it will be left up to the browser to determine which domain to use (almost always the current). If you want the cookies to work for all subdomains, for example, you could set this to '.my-project.tld'.
defaultCountryCode()The two-letter country code that addresses will be set to by default.
defaultCpLanguage()The default language the control panel should use for users who haven’t set a preferred language yet.
defaultCpLocale()The default locale the control panel should use for date/number formatting, for users who haven’t set a preferred language or formatting locale.
defaultDirMode()The default permission to be set for newly-generated directories.
defaultFileMode()The default permission to be set for newly-generated files.
defaultImageQuality()The quality level Craft will use when saving JPG and PNG files. Ranges from 1 (worst quality, smallest file) to 100 (best quality, biggest file).
defaultSearchTermOptions()The default options that should be applied to each search term.
defaultTemplateExtensions()The template file extensions Craft will look for when matching a template path to a file on the front end.
defaultTokenDuration()The default amount of time tokens can be used before expiring.
defaultWeekStartDay()The default day new users should have set as their Week Start Day.
deferPublicRegistrationPassword()By default, Craft requires a front-end “password” field for public user registrations. Setting this to true removes that requirement for the initial registration form.
detachBehavior()Detaches a behavior from the component.
detachBehaviors()Detaches all behaviors from the component.
devMode()Whether the system should run in Dev Mode.
disableGraphqlTransformDirective()Whether the transform directive should be disabled for the GraphQL API.
disabledPlugins()Array of plugin handles that should be disabled, regardless of what the project config says.
disabledUtilities()Array of utility IDs that should be disabled.
disallowRobots()Whether front end requests should respond with X-Robots-Tag: none HTTP headers, indicating that pages should not be indexed, and links on the page should not be followed, by web crawlers.
elevatedSessionDuration()The amount of time a user’s elevated session will last, which is required for some sensitive actions (e.g. user group/permission assignment).
enableBasicHttpAuth()Whether front-end web requests should support basic HTTP authentication.
enableCsrfCookie()Whether to use a cookie to persist the CSRF token if config4:enableCsrfProtection is enabled. If false, the CSRF token will be stored in session under the csrfTokenName config setting name. Note that while storing CSRF tokens in session increases security, it requires starting a session for every page that a CSRF token is needed, which may degrade site performance.
enableCsrfProtection()Whether to enable CSRF protection via hidden form inputs for all forms submitted via Craft.
enableGql()Whether the GraphQL API should be enabled.
enableGraphqlCaching()Whether Craft should cache GraphQL queries.
enableGraphqlIntrospection()Whether GraphQL introspection queries are allowed. Defaults to true and is always allowed in the control panel.
enableTemplateCaching()Whether to enable Craft’s template {% cache %} tag on a global basis.
ensureBehaviors()Makes sure that the behaviors declared in behaviors() are attached to this component.
errorTemplatePrefix()The prefix that should be prepended to HTTP error status codes when determining the path to look for an error’s template.
extraAllowedFileExtensions()List of file extensions that will be merged into the config4:allowedFileExtensions config setting.
extraAppLocales()List of extra locale IDs that the application should support, and users should be able to select as their Preferred Language.
extraFields()Returns the list of fields that can be expanded further and returned by toArray().
extraFileKinds()List of additional file kinds Craft should support. This array will get merged with the one defined in \craft\helpers\Assets::_buildFileKinds().
extraLastNamePrefixes()Any additional last name prefixes that should be supported by the name parser.
extraNameSalutations()Any additional name salutations that should be supported by the name parser.
extraNameSuffixes()Any additional name suffixes that should be supported by the name parser.
fields()Returns the list of fields that should be returned by default by toArray() when no specific fields are specified.
filenameWordSeparator()The string to use to separate words when uploading assets. If set to false, spaces will be left alone.
formName()Returns the form name that this model class should use.
generateAttributeLabel()Generates a user friendly attribute label based on the give attribute name.
generateTransformsBeforePageLoad()Whether image transforms should be generated before page load.
getActivateAccountSuccessPath()Returns the localized Activate Account Success Path value.
getActiveValidators()Returns the validators applicable to the current scenario.
getAttributeHint()Returns the text hint for the specified attribute.
getAttributeLabel()Returns the text label for the specified attribute.
getAttributes()Returns attribute values.
getBackupOnUpdate()Returns whether the DB should be backed up before running new migrations.
getBehavior()Returns the named behavior object.
getBehaviors()Returns all behaviors attached to this component.
getErrorSummary()Returns the errors for all attributes as a one-dimensional array.
getErrors()Returns the errors for all attributes or a single attribute.
getFirstError()Returns the first error of the specified attribute.
getFirstErrors()Returns the first error of every attribute in the model.
getInvalidUserTokenPath()Returns the localized Invalid User Token Path value.
getIterator()Returns an iterator for traversing the attributes in the model.
getLoginPath()Returns the localized Login Path value.
getLogoutPath()Returns the localized Logout Path value.
getPageTrigger()Returns the normalized page trigger.
getPostCpLoginRedirect()Returns the localized Post-Login Redirect path for the control panel.
getPostLoginRedirect()Returns the localized Post-Login Redirect path.
getPostLogoutRedirect()Returns the localized Post-Logout Redirect path.
getRememberedUserSessionDuration()Returns the remembered user session duration as a DateInterval object, if it’s set.
getScenario()Returns the scenario that this model is used in.
getSetPasswordPath()Returns the localized Set Password Path value.
getSetPasswordRequestPath()Returns the localized Set Password Request Path value.
getSetPasswordSuccessPath()Returns the localized Set Password Success Path value.
getTestToEmailAddress()Returns the normalized test email addresses.
getValidators()Returns all the validators declared in rules().
getVerifyEmailPath()Returns the localized Verify Email Path value.
getVerifyEmailSuccessPath()Returns the localized Verify Email Success Path value.
gqlTypePrefix()Prefix to use for all type names returned by GraphQL.
handleCasing()The casing to use for autogenerated component handles.
hasErrors()Returns a value indicating whether there is any validation error.
hasEventHandlers()Returns a value indicating whether there is any handler attached to the named event.
hasMethod()Returns a value indicating whether a method is defined.
hasProperty()Returns a value indicating whether a property is defined for this component.
headlessMode()Whether the system should run in Headless Mode, which optimizes the system and control panel for headless CMS implementations.
httpProxy()The proxy server that should be used for outgoing HTTP requests.
imageDriver()The image driver Craft should use to cleanse and transform images. By default Craft will use ImageMagick if it’s installed and otherwise fall back to GD. You can explicitly set either 'imagick' or 'gd' here to override that behavior.
imageEditorRatios()An array containing the selectable image aspect ratios for the image editor. The array must be in the format of label => ratio, where ratio must be a float or a string. For string values, only values of “none” and “original” are allowed.
indexTemplateFilenames()The template filenames Craft will look for within a directory to represent the directory’s “index” template when matching a template path to a file on the front end.
init()Initializes the object.
instance()Returns static class instance, which can be used to obtain meta information.
invalidLoginWindowDuration()The amount of time to track invalid login attempts for a user, for determining if Craft should lock an account.
invalidUserTokenPath()The URI Craft should redirect to when user token validation fails. A token is used on things like setting and resetting user account passwords. Note that this only affects front-end site requests.
ipHeaders()List of headers where proxies store the real client IP.
isAttributeActive()Returns a value indicating whether the attribute is active in the current scenario.
isAttributeRequired()Returns a value indicating whether the attribute is required.
isAttributeSafe()Returns a value indicating whether the attribute is safe for massive assignments.
isSystemLive()Whether the site is currently live. If set to true or false, it will take precedence over the System Status setting in Settings → General.
limitAutoSlugsToAscii()Whether non-ASCII characters in auto-generated slugs should be converted to ASCII (i.e. ñ → n).
load()Populates the model with input data.
loadMultiple()Populates a set of models with the data from end user.
loginPath()The URI Craft should use for user login on the front end.
logoutPath()The URI Craft should use for user logout on the front end.
maxBackups()The number of backups Craft should make before it starts deleting the oldest backups. If set to false, Craft will not delete any backups.
maxCachedCloudImageSize()The maximum dimension size to use when caching images from external sources to use in transforms. Set to 0 to never cache them.
maxGraphqlBatchSize()The maximum allowed GraphQL queries that can be executed in a single batched request. Set to 0 to allow any number of queries.
maxGraphqlComplexity()The maximum allowed complexity a GraphQL query is allowed to have. Set to 0 to allow any complexity.
maxGraphqlDepth()The maximum allowed depth a GraphQL query is allowed to reach. Set to 0 to allow any depth.
maxGraphqlResults()The maximum allowed results for a single GraphQL query. Set to 0 to disable any limits.
maxInvalidLogins()The number of invalid login attempts Craft will allow within the specified duration before the account gets locked.
maxRevisions()The maximum number of revisions that should be stored for each element.
maxSlugIncrement()The highest number Craft will tack onto a slug in order to make it unique before giving up and throwing an error.
maxUploadFileSize()The maximum upload file size allowed.
off()Detaches an existing event handler from this component.
offsetExists()Returns whether there is an element at the specified offset.
offsetGet()Returns the element at the specified offset.
offsetSet()Sets the element at the specified offset.
offsetUnset()Sets the element value at the specified offset to null.
omitScriptNameInUrls()Whether generated URLs should omit index.php (e.g. http://my-project.tld/path instead of http://my-project.tld/index.php/path)
on()Attaches an event handler to an event.
onUnsafeAttribute()This method is invoked when an unsafe attribute is being massively assigned.
optimizeImageFilesize()Whether Craft should optimize images for reduced file sizes without noticeably reducing image quality. (Only supported when ImageMagick is used.)
pageTrigger()The string preceding a number which Craft will look for when determining if the current request is for a particular page in a paginated list of pages.
pathParam()The query string param that Craft will check when determining the request’s path.
permissionsPolicyHeader()The Permissions-Policy header that should be sent for web responses.
phpMaxMemoryLimit()The maximum amount of memory Craft will try to reserve during memory-intensive operations such as zipping, unzipping and updating. Defaults to an empty string, which means it will use as much memory as it can.
phpSessionName()The name of the PHP session cookie.
postCpLoginRedirect()The path users should be redirected to after logging into the control panel.
postLoginRedirect()The path users should be redirected to after logging in from the front-end site.
postLogoutRedirect()The path that users should be redirected to after logging out from the front-end site.
prefixGqlRootTypes()Whether the config4:gqlTypePrefix config setting should have an impact on query, mutation, and subscription types.
preloadSingles()Whether Single section entries should be preloaded for Twig templates.
preserveCmykColorspace()Whether CMYK should be preserved as the colorspace when manipulating images.
preserveExifData()Whether the EXIF data should be preserved when manipulating and uploading images.
preserveImageColorProfiles()Whether the embedded Image Color Profile (ICC) should be preserved when manipulating images.
preventUserEnumeration()When true, Craft will always return a successful response in the “forgot password” flow, making it difficult to enumerate users.
previewIframeResizerOptions()Custom iFrame Resizer options that should be used for preview iframes.
previewTokenDuration()The amount of time content preview tokens can be used before expiring.
privateTemplateTrigger()The template path segment prefix that should be used to identify “private” templates, which are templates that are not directly accessible via a matching URL.
purgePendingUsersDuration()The amount of time to wait before Craft purges pending users from the system that have not activated.
purgeStaleUserSessionDuration()The amount of time to wait before Craft purges stale user sessions from the sessions table in the database.
purgeUnsavedDraftsDuration()The amount of time to wait before Craft purges unpublished drafts that were never updated with content.
rasterizeSvgThumbs()Whether SVG thumbnails should be rasterized.
rememberUsernameDuration()The amount of time Craft will remember a username and pre-populate it on the control panel’s Login page.
rememberedUserSessionDuration()The amount of time a user stays logged if “Remember Me” is checked on the login page.
requireMatchingUserAgentForSession()Whether Craft should require a matching user agent string when restoring a user session from a cookie.
requireUserAgentAndIpForSession()Whether Craft should require the existence of a user agent string and IP address when creating a new user session.
resourceBasePath()The path to the root directory that should store published control panel resources.
resourceBaseUrl()The URL to the root directory that should store published control panel resources.
restoreCommand()The shell command Craft should execute to restore a database backup.
revAssetUrls()Whether asset URLs should be revved so browsers don’t load cached versions when they’re modified.
rotateImagesOnUploadByExifData()Whether Craft should rotate images according to their EXIF data on upload.
rules()Returns the validation rules for attributes.
runQueueAutomatically()Whether Craft should run pending queue jobs automatically when someone visits the control panel.
safeAttributes()Returns the attribute names that are safe to be massively assigned in the current scenario.
sameSiteCookieValue()The SameSite value that should be set on Craft cookies, if any.
sanitizeCpImageUploads()Whether images uploaded via the control panel should be sanitized.
sanitizeSvgUploads()Whether Craft should sanitize uploaded SVG files and strip out potential malicious-looking content.
scenarios()Returns a list of scenarios and the corresponding active attributes.
secureHeaders()Lists of headers that are, by default, subject to the trusted host configuration.
secureProtocolHeaders()List of headers to check for determining whether the connection is made via HTTPS.
securityKey()A private, random, cryptographically-secure key that is used for hashing and encrypting data in craft\services\Security.
sendContentLengthHeader()Whether a Content-Length header should be sent with responses.
sendPoweredByHeader()Whether an X-Powered-By: Craft CMS header should be sent, helping services like BuiltWith and Wappalyzer identify that the site is running on Craft.
setAttributes()Sets the attribute values in a massive way.
setGraphqlDatesToSystemTimeZone()Whether dates returned by the GraphQL API should be set to the system time zone by default, rather than UTC.
setPasswordPath()The URI or URL that Craft should use for Set Password forms on the front end.
setPasswordRequestPath()The URI to the page where users can request to change their password.
setPasswordSuccessPath()The URI Craft should redirect users to after setting their password from the front end.
setScenario()Sets the scenario for the model.
showFirstAndLastNameFields()Whether “First Name” and “Last Name” fields should be shown in place of “Full Name” fields.
siteToken()The query string parameter name that site tokens should be set to.
slugWordSeparator()The character(s) that should be used to separate words in slugs.
softDeleteDuration()The amount of time before a soft-deleted item will be up for hard-deletion by garbage collection.
storeUserIps()Whether user IP addresses should be stored/logged by the system.
testToEmailAddress()Configures Craft to send all system emails to either a single email address or an array of email addresses for testing purposes.
timezone()The timezone of the site. If set, it will take precedence over the Timezone setting in Settings → General.
toArray()Converts the model into an array.
tokenParam()The query string parameter name that Craft tokens should be set to.
transformGifs()Whether GIF files should be cleansed/transformed.
transformSvgs()Whether SVG files should be transformed.
translationDebugOutput()Whether translated messages should be wrapped in special characters to help find any strings that are not being run through Craft::t() or the `
trigger()Triggers an event.
trustedHosts()The configuration for trusted security-related headers.
upscaleImages()Whether image transforms should allow upscaling by default, for images that are smaller than the transform dimensions.
useEmailAsUsername()Whether Craft should set users’ usernames to their email addresses, rather than let them set their username separately.
useFileLocks()Whether to grab an exclusive lock on a file when writing to it by using the LOCK_EX flag.
useIframeResizer()Whether iFrame Resizer options should be used for Live Preview.
usePathInfo()Whether Craft should specify the path using PATH_INFO or as a query string parameter when generating URLs.
useSecureCookies()Whether Craft will set the “secure” flag when saving cookies when using Craft::cookieConfig() to create a cookie.
useSslOnTokenizedUrls()Determines what protocol/schema Craft will use when generating tokenized URLs. If set to 'auto', Craft will check the current site’s base URL and the protocol of the current request and if either of them are HTTPS will use https in the tokenized URL. If not, will use http.
userSessionDuration()The amount of time before a user will get logged out due to inactivity.
validate()Performs the data validation.
validateMultiple()Validates multiple models.
verificationCodeDuration()The amount of time a user verification code can be used before expiring.
verifyEmailPath()The URI or URL that Craft should use for email verification links on the front end.
verifyEmailSuccessPath()The URI that users without access to the control panel should be redirected to after verifying a new email address.

__set()

Sets the value of a component property.

This method will check in the following order and act accordingly:

  • a property defined by a setter: set the property value
  • an event in the format of "on xyz": attach the handler to the event "xyz"
  • a behavior in the format of "as xyz": attach the behavior named as "xyz"
  • a property of a behavior: set the behavior property value

Do not call this method directly as it is a PHP magic method that will be implicitly called when executing $component->property = $value;.

View source

Arguments

  • $name (string) – The property name or the event name
  • $value (mixed) – The property value

Throws

accessibilityDefaults()

Since
4.2.0

The default user accessibility preferences that should be applied to users that haven’t saved their preferences yet.

The array can contain the following keys:

  • alwaysShowFocusRings - Whether focus rings should always be shown when an element has focus.
  • useShapes – Whether shapes should be used to represent statuses.
  • underlineLinks – Whether links should be underlined.
  • notificationDuration – How long notifications should be shown before they disappear automatically (in milliseconds). Set to 0 to show them indefinitely.
php
->accessibilityDefaults([
    'useShapes' => true,
])

View source

Arguments

Returns

self

actionTrigger()

Since
4.2.0

The URI segment Craft should look for when determining if the current request should be routed to a controller action.

php
->actionTrigger('do-it')

View source

Arguments

Returns

self

activateAccountSuccessPath()

Since
4.2.0

The URI that users without access to the control panel should be redirected to after activating their account.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

php
->activateAccountSuccessPath('welcome')

See also getActivateAccountSuccessPath()View source

Arguments

  • $value (mixed)

Returns

self

addTrailingSlashesToUrls()

Since
4.2.0

Whether auto-generated URLs should have trailing slashes.

php
->addTrailingSlashesToUrls(true)

View source

Arguments

Returns

self

aliases()

Since
4.2.0

Any custom Yii aliases that should be defined for every request.

php
->aliases([
    '@webroot' => '/var/www/',
])

View source

Arguments

Returns

self

allowAdminChanges()

Since
4.2.0

Whether admins should be allowed to make administrative changes to the system.

When this is disabled, the Settings section will be hidden, the Craft edition and Craft/plugin versions will be locked, and the project config and Plugin Store will become read-only—though Craft and plugin licenses may still be purchased.

It’s best to disable this in production environments with a deployment workflow that runs composer install and propagates project config updates on deploy.

WARNING

Don’t disable this setting until all environments have been updated to Craft 3.1.0 or later.

php
->allowAdminChanges(false)

View source

Arguments

Returns

self

allowSimilarTags()

Since
4.2.0

Whether users should be allowed to create similarly-named tags.

php
->allowSimilarTags(true)

View source

Arguments

Returns

self

allowUpdates()

Since
4.2.0

Whether Craft should allow system and plugin updates in the control panel, and plugin installation from the Plugin Store.

This setting will automatically be disabled if config4:allowAdminChanges is disabled.

php
->allowUpdates(false)

View source

Arguments

Returns

self

allowUppercaseInSlug()

Since
4.2.0

Whether uppercase letters should be allowed in slugs.

php
->allowUppercaseInSlug(true)

View source

Arguments

Returns

self

allowedFileExtensions()

Since
4.2.0

The file extensions Craft should allow when a user is uploading files.

php
// Nothing bug GIFs!
->allowedFileExtensions([
    'gif',
])

View source

Arguments

Returns

self

allowedGraphqlOrigins()

Since
4.2.0

The Ajax origins that should be allowed to access the GraphQL API, if enabled.

If this is set to an array, then graphql/api requests will only include the current request’s origin in the Access-Control-Allow-Origin response header if it’s listed here.

If this is set to false, then the Access-Control-Allow-Origin response header will never be sent.

php
->allowedGraphqlOrigins(false)

View source

Arguments

Returns

self

autoLoginAfterAccountActivation()

Since
4.2.0

Whether users should automatically be logged in after activating their account or resetting their password.

php
->autoLoginAfterAccountActivation(true)

View source

Arguments

Returns

self

backupCommand()

Since
4.2.0

The shell command that Craft should execute to create a database backup.

When set to null (default), Craft will run mysqldump or pg_dump, provided that those libraries are in the $PATH variable for the system user running the web server.

You may provide your own command, which can include several tokens Craft will substitute at runtime:

  • {file} - the target backup file path
  • {port} - the current database port
  • {server} - the current database hostname
  • {user} - user that was used to connect to the database
  • {password} - password for the specified {user}
  • {database} - the current database name
  • {schema} - the current database schema (if any)

This can also be set to false to disable database backups completely.

php
->backupCommand(false)

View source

Arguments

Returns

self

backupOnUpdate()

Since
4.2.0

Whether Craft should create a database backup before applying a new system update.

php
->backupOnUpdate(false)

View source

Arguments

Returns

self

baseCpUrl()

Since
4.2.0

The base URL Craft should use when generating control panel URLs.

It will be determined automatically if left blank.

TIP

The base control panel URL should not include the control panel trigger word (e.g. /admin).

php
->baseCpUrl('https://cms.my-project.tld/')

View source

Arguments

Returns

self

blowfishHashCost()

Since
4.2.0

The higher the cost value, the longer it takes to generate a password hash and to verify against it.

Therefore, higher cost slows down a brute-force attack.

For best protection against brute force attacks, set it to the highest value that is tolerable on production servers.

The time taken to compute the hash doubles for every increment by one for this value.

For example, if the hash takes 1 second to compute when the value is 14 then the compute time varies as 2^(value - 14) seconds.

php
->blowfishHashCost(15)

View source

Arguments

Returns

self

brokenImagePath()

Since
4.2.0

The server path to an image file that should be sent when responding to an image request with a 404 status code.

This can be set to an aliased path such as @webroot/assets/404.svg.

php
->brokenImagePath('@webroot/assets/404.svg')

View source

Arguments

Returns

self

buildId()

Since
4.2.0

A unique ID representing the current build of the codebase.

This should be set to something unique to the deployment, e.g. a Git SHA or a deployment timestamp.

php
->buildId(\craft\helpers\App::env('GIT_SHA'))

View source

Arguments

Returns

self

cacheDuration()

Since
4.2.0

The default length of time Craft will store data, RSS feed, and template caches.

If set to 0, data and RSS feed caches will be stored indefinitely; template caches will be stored for one year.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

php
->cacheDuration(0)

View source

Arguments

  • $value (mixed)

Returns

self

convertFilenamesToAscii()

Since
4.2.0

Whether uploaded filenames with non-ASCII characters should be converted to ASCII (i.e. ñn).

TIP

You can run php craft utils/ascii-filenames in your terminal to apply ASCII filenames to all existing assets.

php
->convertFilenamesToAscii(false)

View source

Arguments

Returns

self

cooldownDuration()

Since
4.2.0

The amount of time a user must wait before re-attempting to log in after their account is locked due to too many failed login attempts.

Set to 0 to keep the account locked indefinitely, requiring an admin to manually unlock the account.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

php
->cooldownDuration(0)

View source

Arguments

  • $value (mixed)

Returns

self

cpHeadTags()

Since
4.2.0

List of additional HTML tags that should be included in the <head> of control panel pages.

Each tag can be specified as an array of the tag name and its attributes.

For example, you can give the control panel a custom favicon (etc.) like this:

php
->cpHeadTags([
    // Traditional favicon
    ['link', ['rel' => 'icon', 'href' => '/icons/favicon.ico']],
    // Scalable favicon for browsers that support them
    ['link', ['rel' => 'icon', 'type' => 'image/svg+xml', 'sizes' => 'any', 'href' => '/icons/favicon.svg']],
    // Touch icon for mobile devices
    ['link', ['rel' => 'apple-touch-icon', 'sizes' => '180x180', 'href' => '/icons/touch-icon.svg']],
    // Pinned tab icon for Safari
    ['link', ['rel' => 'mask-icon', 'href' => '/icons/mask-icon.svg', 'color' => '#663399']],
])

View source

Arguments

Returns

self

cpTrigger()

Since
4.2.0

The URI segment Craft should look for when determining if the current request should route to the control panel rather than the front-end website.

This can be set to null if you have a dedicated hostname for the control panel (e.g. cms.my-project.tld), or you are running Craft in Headless Mode. If you do that, you will need to ensure that the control panel is being served from its own web root directory on your server, with an index.php file that defines the CRAFT_CP PHP constant.

php
define('CRAFT_CP', true);

Alternatively, you can set the config4:baseCpUrl config setting, but then you will run the risk of losing access to portions of your control panel due to URI conflicts with actual folders/files in your main web root.

(For example, if you have an assets/ folder, that would conflict with the /assets page in the control panel.)

php
->cpTrigger(null)

View source

Arguments

Returns

self

csrfTokenName()

Since
4.2.0

The name of CSRF token used for CSRF validation if config4:enableCsrfProtection is set to true.

php
->csrfTokenName('MY_CSRF')

See also enableCsrfProtection()View source

Arguments

Returns

self

defaultCookieDomain()

Since
4.2.0

The domain that cookies generated by Craft should be created for. If blank, it will be left up to the browser to determine which domain to use (almost always the current). If you want the cookies to work for all subdomains, for example, you could set this to '.my-project.tld'.

php
->defaultCookieDomain('.my-project.tld')

View source

Arguments

Returns

self

defaultCountryCode()

Since
4.5.0

The two-letter country code that addresses will be set to by default.

See https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 for a list of acceptable country codes.

php
->defaultCountryCode('GB')

View source

Arguments

Returns

self

defaultCpLanguage()

Since
4.2.0

The default language the control panel should use for users who haven’t set a preferred language yet.

php
->defaultCpLanguage('en-US')

View source

Arguments

Returns

self

Throws

defaultCpLocale()

Since
4.2.0

The default locale the control panel should use for date/number formatting, for users who haven’t set a preferred language or formatting locale.

If this is null, the config4:defaultCpLanguage config setting will determine which locale is used for date/number formatting by default.

php
->defaultCpLocale('en-US')

View source

Arguments

Returns

self

defaultDirMode()

Since
4.2.0

The default permission to be set for newly-generated directories.

If set to null, the permission will be determined by the current environment.

php
->defaultDirMode(0744)

View source

Arguments

  • $value (mixed)

Returns

self

defaultFileMode()

Since
4.2.0

The default permission to be set for newly-generated files.

If set to null, the permission will be determined by the current environment.

php
->defaultFileMode(0744)

View source

Arguments

Returns

self

defaultImageQuality()

Since
4.2.0

The quality level Craft will use when saving JPG and PNG files. Ranges from 1 (worst quality, smallest file) to 100 (best quality, biggest file).

php
->defaultImageQuality(90)

View source

Arguments

Returns

self

defaultSearchTermOptions()

Since
4.2.0

The default options that should be applied to each search term.

Options include:

  • subLeft – Whether to include keywords that contain the term, with additional characters before it. (false by default)
  • subRight – Whether to include keywords that contain the term, with additional characters after it. (true by default)
  • exclude – Whether search results should exclude records with this term. (false by default)
  • exact – Whether the term must be an exact match (only applies if the search term specifies an attribute). (false by default)
php
->defaultSearchTermOptions([
    'subLeft' => true,
    'exclude' => 'secret',
])

View source

Arguments

Returns

self

defaultTemplateExtensions()

Since
4.2.0

The template file extensions Craft will look for when matching a template path to a file on the front end.

php
->defaultTemplateExtensions(['html', 'twig', 'txt'])

View source

Arguments

Returns

self

defaultTokenDuration()

Since
4.2.0

The default amount of time tokens can be used before expiring.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

php
// One week
->defaultTokenDuration(604800)

View source

Arguments

  • $value (mixed)

Returns

self

defaultWeekStartDay()

Since
4.2.0

The default day new users should have set as their Week Start Day.

This should be set to one of the following integers:

  • 0 – Sunday
  • 1 – Monday
  • 2 – Tuesday
  • 3 – Wednesday
  • 4 – Thursday
  • 5 – Friday
  • 6 – Saturday
php
->defaultWeekStartDay(0)

View source

Arguments

Returns

self

deferPublicRegistrationPassword()

Since
4.2.0

By default, Craft requires a front-end “password” field for public user registrations. Setting this to true removes that requirement for the initial registration form.

If you have email verification enabled, new users will set their password once they’ve followed the verification link in the email. If you don’t, the only way they can set their password is to go through your “forgot password” workflow.

php
->deferPublicRegistrationPassword(true)

View source

Arguments

Returns

self

devMode()

Since
4.2.0

Whether the system should run in Dev Mode.

php
->devMode(true)

View source

Arguments

Returns

self

disableGraphqlTransformDirective()

Since
4.2.0

Whether the transform directive should be disabled for the GraphQL API.

php
->disableGraphqlTransformDirective(true)

View source

Arguments

Returns

self

disabledPlugins()

Since
4.2.0

Array of plugin handles that should be disabled, regardless of what the project config says.

php
->disabledPlugins([
    'webhooks',
])

This can also be set to '*' to disable all plugins.

php
->dev([
    'disabledPlugins' => '*',
])

WARNING

This should not be set on a per-environment basis, as it could result in plugin schema version mismatches between environments, which will prevent project config changes from getting applied.

php
->disabledPlugins(['redactor', 'webhooks'])

View source

Arguments

Returns

self

disabledUtilities()

Since
4.6.0

Array of utility IDs that should be disabled.

::: code

php
 ->disabledUtilities([
     'updates',
     'find-replace',
 ])
shell
CRAFT_DISABLED_UTILITIES=updates,find-replace

:::

View source

Arguments

Returns

self

disallowRobots()

Since
4.2.0

Whether front end requests should respond with X-Robots-Tag: none HTTP headers, indicating that pages should not be indexed, and links on the page should not be followed, by web crawlers.

TIP

This should be set to true for development and staging environments.

php
->disallowRobots(true)

View source

Arguments

Returns

self

elevatedSessionDuration()

Since
4.2.0

The amount of time a user’s elevated session will last, which is required for some sensitive actions (e.g. user group/permission assignment).

Set to 0 to disable elevated session support.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

php
->elevatedSessionDuration(0)

View source

Arguments

  • $value (mixed)

Returns

self

enableBasicHttpAuth()

Since
4.2.0

Whether front-end web requests should support basic HTTP authentication.

php
->enableBasicHttpAuth(true)

View source

Arguments

Returns

self

enableCsrfCookie()

Since
4.2.0

Whether to use a cookie to persist the CSRF token if config4:enableCsrfProtection is enabled. If false, the CSRF token will be stored in session under the csrfTokenName config setting name. Note that while storing CSRF tokens in session increases security, it requires starting a session for every page that a CSRF token is needed, which may degrade site performance.

php
->enableCsrfCookie(false)

View source

Arguments

Returns

self

enableCsrfProtection()

Since
4.2.0

Whether to enable CSRF protection via hidden form inputs for all forms submitted via Craft.

php
->enableCsrfProtection(false)

View source

Arguments

Returns

self

enableGql()

Since
4.2.0

Whether the GraphQL API should be enabled.

The GraphQL API is only available for Craft Pro.

php
->enableGql(false)

View source

Arguments

Returns

self

enableGraphqlCaching()

Since
4.2.0

Whether Craft should cache GraphQL queries.

If set to true, Craft will cache the results for unique GraphQL queries per access token. The cache is automatically invalidated any time an element is saved, the site structure is updated, or a GraphQL schema is saved.

This setting will have no effect if a plugin is using the craft\services\Gql::EVENT_BEFORE_EXECUTE_GQL_QUERY event to provide its own caching logic and setting the result property.

php
->enableGraphqlCaching(false)

View source

Arguments

Returns

self

enableGraphqlIntrospection()

Since
4.2.0

Whether GraphQL introspection queries are allowed. Defaults to true and is always allowed in the control panel.

php
->enableGraphqlIntrospection(false)

View source

Arguments

Returns

self

enableTemplateCaching()

Since
4.2.0

Whether to enable Craft’s template {% cache %} tag on a global basis.

php
->enableTemplateCaching(false)

See also https://craftcms.com/docs/templating/cacheView source

Arguments

Returns

self

errorTemplatePrefix()

Since
4.2.0

The prefix that should be prepended to HTTP error status codes when determining the path to look for an error’s template.

If set to '_' your site’s 404 template would live at templates/_404.twig, for example.

php
->errorTemplatePrefix('_')

View source

Arguments

Returns

self

extraAllowedFileExtensions()

Since
4.2.0

List of file extensions that will be merged into the config4:allowedFileExtensions config setting.

php
->extraAllowedFileExtensions(['mbox', 'xml'])

View source

Arguments

Returns

self

extraAppLocales()

Since
4.2.0

List of extra locale IDs that the application should support, and users should be able to select as their Preferred Language.

php
->extraAppLocales(['uk'])

View source

Arguments

Returns

self

Throws

extraFileKinds()

Since
4.2.0

List of additional file kinds Craft should support. This array will get merged with the one defined in \craft\helpers\Assets::_buildFileKinds().

php
->extraFileKinds([
    // merge .psb into list of Photoshop file kinds
    'photoshop' => [
        'extensions' => ['psb'],
    ],
    // register new "Stylesheet" file kind
    'stylesheet' => [
        'label' => 'Stylesheet',
        'extensions' => ['css', 'less', 'pcss', 'sass', 'scss', 'styl'],
    ],
])

TIP

File extensions listed here won’t immediately be allowed to be uploaded. You will also need to list them with the config4:extraAllowedFileExtensions config setting.

View source

Arguments

Returns

self

extraLastNamePrefixes()

Since
4.3.0

Any additional last name prefixes that should be supported by the name parser.

php
->extraLastNamePrefixes(['Dal', 'Van Der'])

View source

Arguments

Returns

self

extraNameSalutations()

Since
4.3.0

Any additional name salutations that should be supported by the name parser.

php
->extraNameSalutations(['Lady', 'Sire'])

View source

Arguments

Returns

self

extraNameSuffixes()

Since
4.3.0

Any additional name suffixes that should be supported by the name parser.

php
->extraNameSuffixes(['CCNA', 'OBE'])

View source

Arguments

Returns

self

filenameWordSeparator()

Since
4.2.0

The string to use to separate words when uploading assets. If set to false, spaces will be left alone.

php
->filenameWordSeparator(false)

View source

Arguments

Returns

self

generateTransformsBeforePageLoad()

Since
4.2.0

Whether image transforms should be generated before page load.

php
->generateTransformsBeforePageLoad(true)

View source

Arguments

Returns

self

getActivateAccountSuccessPath()

Returns the localized Activate Account Success Path value.

See also activateAccountSuccessPath()View source

Arguments

  • $siteHandle (string, null) – The site handle the value should be defined for. Defaults to the current site.

Returns

string

getBackupOnUpdate()

Returns whether the DB should be backed up before running new migrations.