GeneralConfig

Type: Class
Namespace: craft\config
Inherits: craft\config\GeneralConfig » craft\config\BaseConfig » craft\base\Model » yii\base\Model » yii\base\Component » yii\base\BaseObject
Implements: ArrayAccess, IteratorAggregate, craft\base\ModelInterface, yii\base\Arrayable, yii\base\Configurable, yii\base\StaticInstanceInterface
Uses traits: craft\base\ClonefixTrait, yii\base\ArrayableTrait, yii\base\StaticInstanceTrait
Since: 3.0.0

General config class

Public Properties

Property	Description
accessibilityDefaults	array – The default user accessibility preferences that should be applied to users that haven’t saved their preferences yet.
actionTrigger	string – The URI segment Craft should look for when determining if the current request should be routed to a controller action.
activateAccountSuccessPath	`mixed` – The URI that users without access to the control panel should be redirected to after activating their account.
activeValidators	yii\validators\Validator – The validators applicable to the current scenario.
addTrailingSlashesToUrls	boolean – Whether auto-generated URLs should have trailing slashes.
aliases	array – Any custom Yii [aliases](https://www.
allowAdminChanges	boolean – Whether admins should be allowed to make administrative changes to the system.
allowSimilarTags	boolean – Whether users should be allowed to create similarly-named tags.
allowUpdates	boolean – Whether Craft should allow system and plugin updates in the control panel, and plugin installation from the Plugin Store.
allowUppercaseInSlug	boolean – Whether uppercase letters should be allowed in slugs.
allowedFileExtensions	string[] – The file extensions Craft should allow when a user is uploading files.
allowedGraphqlOrigins	string[], null, false – The Ajax origins that should be allowed to access the GraphQL API, if enabled.
attributes	array – Attribute values (name => value).
autoLoginAfterAccountActivation	boolean – Whether users should automatically be logged in after activating their account or resetting their password.
autosaveDrafts	boolean – Whether drafts should be saved automatically as they are edited.
backupCommand	string, null, false – The shell command that Craft should execute to create a database backup.
backupOnUpdate	boolean – Whether Craft should create a database backup before applying a new system update.
baseCpUrl	string, null – The base URL Craft should use when generating control panel URLs.
behaviors	yii\base\Behavior – List of behaviors attached to this component.
blowfishHashCost	integer – The higher the cost value, the longer it takes to generate a password hash and to verify against it.
brokenImagePath	string, null – The server path to an image file that should be sent when responding to an image request with a 404 status code.
buildId	string, null – A unique ID representing the current build of the codebase.
cacheDuration	`mixed` – The default length of time Craft will store data, RSS feed, and template caches.
convertFilenamesToAscii	boolean – Whether uploaded filenames with non-ASCII characters should be converted to ASCII (i.e. `ñ` → `n`).
cooldownDuration	`mixed` – The amount of time a user must wait before re-attempting to log in after their account is locked due to too many failed login attempts.
cpHeadTags	array – List of additional HTML tags that should be included in the `<head>` of control panel pages.
cpTrigger	string, null – The URI segment Craft should look for when determining if the current request should route to the control panel rather than the front-end website.
csrfTokenName	string – The name of CSRF token used for CSRF validation if config4:enableCsrfProtection is set to `true`.
defaultCookieDomain	string – The domain that cookies generated by Craft should be created for.
defaultCountryCode	string – The two-letter country code that addresses will be set to by default.
defaultCpLanguage	string, null – The default language the control panel should use for users who haven’t set a preferred language yet.
defaultCpLocale	string, null – The default locale the control panel should use for date/number formatting, for users who haven’t set a preferred language or formatting locale.
defaultDirMode	`mixed` – The default permission to be set for newly-generated directories.
defaultFileMode	integer, null – The default permission to be set for newly-generated files.
defaultImageQuality	integer – The quality level Craft will use when saving JPG and PNG files.
defaultSearchTermOptions	array – The default options that should be applied to each search term.
defaultTemplateExtensions	string[] – The template file extensions Craft will look for when matching a template path to a file on the front end.
defaultTokenDuration	`mixed` – The default amount of time tokens can be used before expiring.
defaultWeekStartDay	integer – The default day new users should have set as their Week Start Day.
deferPublicRegistrationPassword	boolean – By default, Craft requires a front-end “password” field for public user registrations.
devMode	boolean – Whether the system should run in [Dev Mode](https://craftcms.
disableGraphqlTransformDirective	boolean – Whether the `transform` directive should be disabled for the GraphQL API.
disabledPlugins	string[], string, null – Array of plugin handles that should be disabled, regardless of what the project config says.
disabledUtilities	string[] – Array of utility IDs that should be disabled.
disallowRobots	boolean – Whether front end requests should respond with `X-Robots-Tag: none` HTTP headers, indicating that pages should not be indexed, and links on the page should not be followed, by web crawlers.
elevatedSessionDuration	`mixed` – The amount of time a user’s elevated session will last, which is required for some sensitive actions (e.g. user group/permission assignment).
enableBasicHttpAuth	boolean – Whether front-end web requests should support basic HTTP authentication.
enableCsrfCookie	boolean – Whether to use a cookie to persist the CSRF token if config4:enableCsrfProtection is enabled.
enableCsrfProtection	boolean – Whether to enable CSRF protection via hidden form inputs for all forms submitted via Craft.
enableGql	boolean – Whether the GraphQL API should be enabled.
enableGraphqlCaching	boolean – Whether Craft should cache GraphQL queries.
enableGraphqlIntrospection	boolean – Whether GraphQL introspection queries are allowed.
enableTemplateCaching	boolean – Whether to enable Craft’s template `{% cache %}` tag on a global basis.
errorTemplatePrefix	string – The prefix that should be prepended to HTTP error status codes when determining the path to look for an error’s template.
errors	array – Errors for all attributes or the specified attribute.
extraAllowedFileExtensions	string[], null – List of file extensions that will be merged into the config4:allowedFileExtensions config setting.
extraAppLocales	string[], null – List of extra locale IDs that the application should support, and users should be able to select as their Preferred Language.
extraFileKinds	array – List of additional file kinds Craft should support.
extraLastNamePrefixes	string[] – Any additional last name prefixes that should be supported by the name parser.
extraNameSalutations	string[] – Any additional name salutations that should be supported by the name parser.
extraNameSuffixes	string[] – Any additional name suffixes that should be supported by the name parser.
filenameWordSeparator	string, false – The string to use to separate words when uploading assets.
firstErrors	array – The first errors.
generateTransformsBeforePageLoad	boolean – Whether image transforms should be generated before page load.
gqlTypePrefix	string – Prefix to use for all type names returned by GraphQL.
handleCasing	string – The casing to use for autogenerated component handles.
headlessMode	boolean – Whether the system should run in Headless Mode, which optimizes the system and control panel for headless CMS implementations.
httpProxy	string, null – The proxy server that should be used for outgoing HTTP requests.
imageDriver	`mixed` – The image driver Craft should use to cleanse and transform images.
imageEditorRatios	array – An array containing the selectable image aspect ratios for the image editor.
indexTemplateFilenames	string[] – The template filenames Craft will look for within a directory to represent the directory’s “index” template when matching a template path to a file on the front end.
invalidLoginWindowDuration	`mixed` – The amount of time to track invalid login attempts for a user, for determining if Craft should lock an account.
invalidUserTokenPath	`mixed` – The URI Craft should redirect to when user token validation fails.
ipHeaders	string[], null – List of headers where proxies store the real client IP.
isSystemLive	boolean, null – Whether the site is currently live.
iterator	ArrayIterator – An iterator for traversing the items in the list.
limitAutoSlugsToAscii	boolean – Whether non-ASCII characters in auto-generated slugs should be converted to ASCII (i.e. ñ → n).
loginPath	`mixed` – The URI Craft should use for user login on the front end.
logoutPath	`mixed` – The URI Craft should use for user logout on the front end.
maxBackups	integer, false – The number of backups Craft should make before it starts deleting the oldest backups.
maxCachedCloudImageSize	integer – The maximum dimension size to use when caching images from external sources to use in transforms.
maxGraphqlBatchSize	integer – The maximum allowed GraphQL queries that can be executed in a single batched request.
maxGraphqlComplexity	integer – The maximum allowed complexity a GraphQL query is allowed to have.
maxGraphqlDepth	integer – The maximum allowed depth a GraphQL query is allowed to reach.
maxGraphqlResults	integer – The maximum allowed results for a single GraphQL query.
maxInvalidLogins	integer, false – The number of invalid login attempts Craft will allow within the specified duration before the account gets locked.
maxRevisions	integer, null – The maximum number of revisions that should be stored for each element.
maxSlugIncrement	integer – The highest number Craft will tack onto a slug in order to make it unique before giving up and throwing an error.
maxUploadFileSize	integer, string – The maximum upload file size allowed.
omitScriptNameInUrls	boolean – Whether generated URLs should omit `index.php` (e.g. `http://my-project.tld/path` instead of `http://my-project.tld/index.php/path`) This can only be possible if your server is configured to redirect would-be 404s to `index.php`, for example, with the redirect found in the `.htaccess` file that came with Craft: `RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule (.+) /index.php?p=$1 [QSA,L]` ::: code `php Static Config ->omitScriptNameInUrls(true)` `shell Environment Override CRAFT_OMIT_SCRIPT_NAME_IN_URLS=1` ::: ::: tip Even when this is set to `true`, the script name could still be included in some action URLs.
optimizeImageFilesize	boolean – Whether Craft should optimize images for reduced file sizes without noticeably reducing image quality.
pageTrigger	string – The string preceding a number which Craft will look for when determining if the current request is for a particular page in a paginated list of pages.
passwordPath	`mixed`
passwordRequestPath	`mixed`
passwordSuccessPath	`mixed`
pathParam	string, null – The query string param that Craft will check when determining the request’s path.
permissionsPolicyHeader	string, null – The `Permissions-Policy` header that should be sent for web responses.
phpMaxMemoryLimit	string, null – The maximum amount of memory Craft will try to reserve during memory-intensive operations such as zipping, unzipping and updating.
phpSessionName	string – The name of the PHP session cookie.
postCpLoginRedirect	`mixed` – The path users should be redirected to after logging into the control panel.
postLoginRedirect	`mixed` – The path users should be redirected to after logging in from the front-end site.
postLogoutRedirect	`mixed` – The path that users should be redirected to after logging out from the front-end site.
prefixGqlRootTypes	boolean – Whether the config4:gqlTypePrefix config setting should have an impact on `query`, `mutation`, and `subscription` types.
preloadSingles	boolean – Whether Single section entries should be preloaded for Twig templates.
preserveCmykColorspace	boolean – Whether CMYK should be preserved as the colorspace when manipulating images.
preserveExifData	boolean – Whether the EXIF data should be preserved when manipulating and uploading images.
preserveImageColorProfiles	boolean – Whether the embedded Image Color Profile (ICC) should be preserved when manipulating images.
preventUserEnumeration	boolean – When `true`, Craft will always return a successful response in the “forgot password” flow, making it difficult to enumerate users.
previewIframeResizerOptions	array – Custom [iFrame Resizer options](http://davidjbradshaw.
previewTokenDuration	`mixed` – The amount of time content preview tokens can be used before expiring.
privateTemplateTrigger	string – The template path segment prefix that should be used to identify “private” templates, which are templates that are not directly accessible via a matching URL.
purgePendingUsersDuration	`mixed` – The amount of time to wait before Craft purges pending users from the system that have not activated.
purgeStaleUserSessionDuration	`mixed` – The amount of time to wait before Craft purges stale user sessions from the sessions table in the database.
purgeUnsavedDraftsDuration	`mixed` – The amount of time to wait before Craft purges unpublished drafts that were never updated with content.
rasterizeSvgThumbs	boolean – Whether SVG thumbnails should be rasterized.
rememberUsernameDuration	`mixed` – The amount of time Craft will remember a username and pre-populate it on the control panel’s Login page.
rememberedUserSessionDuration	`mixed` – The amount of time a user stays logged if “Remember Me” is checked on the login page.
requireMatchingUserAgentForSession	boolean – Whether Craft should require a matching user agent string when restoring a user session from a cookie.
requireUserAgentAndIpForSession	boolean – Whether Craft should require the existence of a user agent string and IP address when creating a new user session.
resourceBasePath	string – The path to the root directory that should store published control panel resources.
resourceBaseUrl	string – The URL to the root directory that should store published control panel resources.
restoreCommand	string, null, false – The shell command Craft should execute to restore a database backup.
revAssetUrls	boolean – Whether asset URLs should be revved so browsers don’t load cached versions when they’re modified.
rotateImagesOnUploadByExifData	boolean – Whether Craft should rotate images according to their EXIF data on upload.
runQueueAutomatically	boolean – Whether Craft should run pending queue jobs automatically when someone visits the control panel.
sameSiteCookieValue	string, null – The [SameSite](https://developer.
sanitizeCpImageUploads	boolean – Whether images uploaded via the control panel should be sanitized.
sanitizeSvgUploads	boolean – Whether Craft should sanitize uploaded SVG files and strip out potential malicious-looking content.
scenario	string – The scenario that this model is in.
secureHeaders	array, null – Lists of headers that are, by default, subject to the trusted host configuration.
secureProtocolHeaders	array, null – List of headers to check for determining whether the connection is made via HTTPS.
securityKey	string – A private, random, cryptographically-secure key that is used for hashing and encrypting data in craft\services\Security.
sendContentLengthHeader	boolean – Whether a `Content-Length` header should be sent with responses.
sendPoweredByHeader	boolean – Whether an `X-Powered-By: Craft CMS` header should be sent, helping services like [BuiltWith](https://builtwith.
setGraphqlDatesToSystemTimeZone	boolean – Whether dates returned by the GraphQL API should be set to the system time zone by default, rather than UTC.
setPasswordPath	`mixed` – The URI or URL that Craft should use for Set Password forms on the front end.
setPasswordRequestPath	`mixed` – The URI to the page where users can request to change their password.
setPasswordSuccessPath	`mixed` – The URI Craft should redirect users to after setting their password from the front end.
showFirstAndLastNameFields	boolean – Whether “First Name” and “Last Name” fields should be shown in place of “Full Name” fields.
siteToken	string – The query string parameter name that site tokens should be set to.
slugWordSeparator	string – The character(s) that should be used to separate words in slugs.
softDeleteDuration	`mixed` – The amount of time before a soft-deleted item will be up for hard-deletion by garbage collection.
storeUserIps	boolean – Whether user IP addresses should be stored/logged by the system.
testToEmailAddress	string, array, null, false – Configures Craft to send all system emails to either a single email address or an array of email addresses for testing purposes.
timezone	string, null – The timezone of the site.
tokenParam	string – The query string parameter name that Craft tokens should be set to.
transformGifs	boolean – Whether GIF files should be cleansed/transformed.
transformSvgs	boolean – Whether SVG files should be transformed.
translationDebugOutput	boolean – Whether translated messages should be wrapped in special characters to help find any strings that are not being run through `Craft::t()` or the `
trustedHosts	array – The configuration for trusted security-related headers.
upscaleImages	boolean – Whether image transforms should allow upscaling by default, for images that are smaller than the transform dimensions.
useEmailAsUsername	boolean – Whether Craft should set users’ usernames to their email addresses, rather than let them set their username separately.
useFileLocks	boolean, null – Whether to grab an exclusive lock on a file when writing to it by using the `LOCK_EX` flag.
useIframeResizer	boolean – Whether [iFrame Resizer options](http://davidjbradshaw.
usePathInfo	boolean – Whether Craft should specify the path using `PATH_INFO` or as a query string parameter when generating URLs.
useSecureCookies	boolean, string – Whether Craft will set the “secure” flag when saving cookies when using `Craft::cookieConfig()` to create a cookie.
useSslOnTokenizedUrls	boolean, string – Determines what protocol/schema Craft will use when generating tokenized URLs.
userSessionDuration	`mixed` – The amount of time before a user will get logged out due to inactivity.
validators	ArrayObject, yii\validators\Validator – All the validators declared in the model.
verificationCodeDuration	`mixed` – The amount of time a user verification code can be used before expiring.
verifyEmailPath	`mixed` – The URI or URL that Craft should use for email verification links on the front end.
verifyEmailSuccessPath	`mixed` – The URI that users without access to the control panel should be redirected to after verifying a new email address.

`accessibilityDefaults`

Type: array
Default value: [ 'alwaysShowFocusRings' => false, 'useShapes' => false, 'underlineLinks' => false, 'notificationDuration' => 5000, ]
Since: 3.6.4

The default user accessibility preferences that should be applied to users that haven’t saved their preferences yet.

The array can contain the following keys:

alwaysShowFocusRings - Whether focus rings should always be shown when an element has focus.
useShapes – Whether shapes should be used to represent statuses.
underlineLinks – Whether links should be underlined.
notificationDuration – How long notifications should be shown before they disappear automatically (in milliseconds). Set to 0 to show them indefinitely.

php

->accessibilityDefaults([
    'useShapes' => true,
])

View source

`actionTrigger`

Type: string
Default value: 'actions'

The URI segment Craft should look for when determining if the current request should be routed to a controller action.

::: code

php

->actionTrigger('do-it')

shell

CRAFT_ACTION_TRIGGER=do-it

:::

View source

`activateAccountSuccessPath`

Type: mixed
Default value: ''

The URI that users without access to the control panel should be redirected to after activating their account.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

::: code

php

->activateAccountSuccessPath('welcome')

shell

CRAFT_ACTIVATE_ACCOUNT_SUCCESS_PATH=welcome

:::

View source

`addTrailingSlashesToUrls`

Type: boolean
Default value: false

Whether auto-generated URLs should have trailing slashes.

::: code

php

->addTrailingSlashesToUrls(true)

shell

CRAFT_ADD_TRAILING_SLASHES_TO_URLS=1

:::

View source

`aliases`

Type: array
Default value: []

Any custom Yii aliases that should be defined for every request.

php

->aliases([
    '@webroot' => '/var/www/',
])

View source

`allowAdminChanges`

Type: boolean
Default value: true
Since: 3.1.0

Whether admins should be allowed to make administrative changes to the system.

When this is disabled, the Settings section will be hidden, the Craft edition and Craft/plugin versions will be locked, and the project config and Plugin Store will become read-only—though Craft and plugin licenses may still be purchased.

It’s best to disable this in production environments with a deployment workflow that runs composer install and propagates project config updates on deploy.

WARNING

Don’t disable this setting until all environments have been updated to Craft 3.1.0 or later.

::: code

php

->allowAdminChanges(false)

shell

CRAFT_ALLOW_ADMIN_CHANGES=false

:::

View source

`allowSimilarTags`

Type: boolean
Default value: false

Whether users should be allowed to create similarly-named tags.

::: code

php

->allowSimilarTags(true)

shell

CRAFT_ALLOW_SIMILAR_TAGS=1

:::

View source

`allowUpdates`

Type: boolean
Default value: true

Whether Craft should allow system and plugin updates in the control panel, and plugin installation from the Plugin Store.

This setting will automatically be disabled if config4:allowAdminChanges is disabled.

::: code

php

->allowUpdates(false)

shell

CRAFT_ALLOW_UPDATES=false

:::

View source

`allowUppercaseInSlug`

Type: boolean
Default value: false

Whether uppercase letters should be allowed in slugs.

::: code

php

->allowUppercaseInSlug(true)

shell

CRAFT_ALLOW_UPPERCASE_IN_SLUG=1

:::

View source

`allowedFileExtensions`

Type: string[]
Default value: [ '7z', 'aiff', 'asc', 'asf', 'avi', 'avif', 'bmp', 'cap', 'cin', 'csv', 'dfxp', 'doc', 'docx', 'dotm', 'dotx', 'fla', 'flv', 'gif', 'gz', 'gzip', 'heic', 'heif', 'hevc', 'itt', 'jp2', 'jpeg', 'jpg', 'jpx', 'js', 'json', 'lrc', 'm2t', 'm4a', 'm4v', 'mcc', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'mpsub', 'ods', 'odt', 'ogg', 'ogv', 'pdf', 'png', 'potx', 'pps', 'ppsm', 'ppsx', 'ppt', 'pptm', 'pptx', 'ppz', 'pxd', 'qt', 'ram', 'rar', 'rm', 'rmi', 'rmvb', 'rt', 'rtf', 'sami', 'sbv', 'scc', 'sdc', 'sitd', 'smi', 'srt', 'stl', 'sub', 'svg', 'swf', 'sxc', 'sxw', 'tar', 'tds', 'tgz', 'tif', 'tiff', 'ttml', 'txt', 'vob', 'vsd', 'vtt', 'wav', 'webm', 'webp', 'wma', 'wmv', 'xls', 'xlsx', 'zip', ]

The file extensions Craft should allow when a user is uploading files.

php

// Nothing bug GIFs!
->allowedFileExtensions([
    'gif',
])

`allowedGraphqlOrigins`

Type: string[], null, false
Default value: null
Since: 3.5.0

The Ajax origins that should be allowed to access the GraphQL API, if enabled.

If this is set to an array, then graphql/api requests will only include the current request’s origin in the Access-Control-Allow-Origin response header if it’s listed here.

If this is set to false, then the Access-Control-Allow-Origin response header will never be sent.

::: code

php

->allowedGraphqlOrigins(false)

shell

CRAFT_ALLOW_GRAPHQL_ORIGINS=false

:::

View source

`autoLoginAfterAccountActivation`

Type: boolean
Default value: false

Whether users should automatically be logged in after activating their account or resetting their password.

::: code

php

->autoLoginAfterAccountActivation(true)

shell

CRAFT_ALLOW_AUTO_LOGIN_AFTER_ACCOUNT_ACTIVATION=true

:::

View source

`autosaveDrafts`

DEPRECATED

Deprecated in 4.0.0

Type: boolean
Default value: true
Since: 3.5.6

Whether drafts should be saved automatically as they are edited.

Note that drafts will be autosaved while Live Preview is open, regardless of this setting.

::: code

shell

CRAFT_AUTOSAVE_DRAFTS=false

:::

View source

`backupCommand`

Type: string, null, false
Default value: null

The shell command that Craft should execute to create a database backup.

When set to null (default), Craft will run mysqldump or pg_dump, provided that those libraries are in the $PATH variable for the system user running the web server.

You may provide your own command, which can include several tokens Craft will substitute at runtime:

{file} - the target backup file path
{port} - the current database port
{server} - the current database hostname
{user} - user that was used to connect to the database
{password} - password for the specified {user}
{database} - the current database name
{schema} - the current database schema (if any)

This can also be set to false to disable database backups completely.

::: code

php

->backupCommand(false)

shell

CRAFT_BACKUP_COMMAND=false

:::

View source

`backupOnUpdate`

Type: boolean
Default value: true

Whether Craft should create a database backup before applying a new system update.

::: code

php

->backupOnUpdate(false)

shell

CRAFT_BACKUP_ON_UPDATE=false

:::

`baseCpUrl`

Type: string, null
Default value: null

The base URL Craft should use when generating control panel URLs.

It will be determined automatically if left blank.

TIP

The base control panel URL should not include the control panel trigger word (e.g. /admin).

::: code

php

->baseCpUrl('https://cms.my-project.tld/')

shell

CRAFT_BASE_CP_URL=https://cms.my-project.tld/

:::

View source

`blowfishHashCost`

Type: integer
Default value: 13

The higher the cost value, the longer it takes to generate a password hash and to verify against it.

Therefore, higher cost slows down a brute-force attack.

For best protection against brute force attacks, set it to the highest value that is tolerable on production servers.

The time taken to compute the hash doubles for every increment by one for this value.

For example, if the hash takes 1 second to compute when the value is 14 then the compute time varies as 2^(value - 14) seconds.

::: code

php

->blowfishHashCost(15)

shell

CRAFT_BLOWFISH_HASH_COST=15

:::

View source

`brokenImagePath`

Type: string, null
Default value: null
Since: 3.5.0

The server path to an image file that should be sent when responding to an image request with a 404 status code.

This can be set to an aliased path such as @webroot/assets/404.svg.

::: code

php

->brokenImagePath('@webroot/assets/404.svg')

shell

CRAFT_BROKEN_IMAGE_PATH=@webroot/assets/404.svg

:::

View source

`buildId`

Type: string, null
Default value: null
Since: 4.0.0

A unique ID representing the current build of the codebase.

This should be set to something unique to the deployment, e.g. a Git SHA or a deployment timestamp.

::: code

php

->buildId(\craft\helpers\App::env('GIT_SHA'))

shell

CRAFT_BUILD_ID=$GIT_SHA

:::

View source

`cacheDuration`

Type: mixed
Default value: 86400 (1 day)

The default length of time Craft will store data, RSS feed, and template caches.

If set to 0, data and RSS feed caches will be stored indefinitely; template caches will be stored for one year.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

::: code

php

->cacheDuration(0)

shell

CRAFT_CACHE_DURATION=0

:::

View source

`convertFilenamesToAscii`

Type: boolean
Default value: false

Whether uploaded filenames with non-ASCII characters should be converted to ASCII (i.e. ñ → n).

TIP

You can run php craft utils/ascii-filenames in your terminal to apply ASCII filenames to all existing assets.

::: code

php

->convertFilenamesToAscii(false)

shell

CRAFT_CONVERT_FILENAMES_TO_ASCII=false

:::

View source

`cooldownDuration`

Type: mixed
Default value: 300 (5 minutes)

The amount of time a user must wait before re-attempting to log in after their account is locked due to too many failed login attempts.

Set to 0 to keep the account locked indefinitely, requiring an admin to manually unlock the account.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

::: code

php

->cooldownDuration(0)

shell

CRAFT_COOLDOWN_DURATION=0

:::

View source

`cpHeadTags`

Type: array
Default value: []
Since: 3.5.0

List of additional HTML tags that should be included in the <head> of control panel pages.

Each tag can be specified as an array of the tag name and its attributes.

For example, you can give the control panel a custom favicon (etc.) like this:

php

->cpHeadTags([
    // Traditional favicon
    ['link', ['rel' => 'icon', 'href' => '/icons/favicon.ico']],
    // Scalable favicon for browsers that support them
    ['link', ['rel' => 'icon', 'type' => 'image/svg+xml', 'sizes' => 'any', 'href' => '/icons/favicon.svg']],
    // Touch icon for mobile devices
    ['link', ['rel' => 'apple-touch-icon', 'sizes' => '180x180', 'href' => '/icons/touch-icon.svg']],
    // Pinned tab icon for Safari
    ['link', ['rel' => 'mask-icon', 'href' => '/icons/mask-icon.svg', 'color' => '#663399']],
])

View source

`cpTrigger`

Type: string, null
Default value: 'admin'

The URI segment Craft should look for when determining if the current request should route to the control panel rather than the front-end website.

This can be set to null if you have a dedicated hostname for the control panel (e.g. cms.my-project.tld), or you are running Craft in Headless Mode. If you do that, you will need to ensure that the control panel is being served from its own web root directory on your server, with an index.php file that defines the CRAFT_CP PHP constant.

php

define('CRAFT_CP', true);

Alternatively, you can set the config4:baseCpUrl config setting, but then you will run the risk of losing access to portions of your control panel due to URI conflicts with actual folders/files in your main web root.

(For example, if you have an assets/ folder, that would conflict with the /assets page in the control panel.)

::: code

php

->cpTrigger(null)

shell

CRAFT_CP_TRIGGER=

:::

View source

`csrfTokenName`

Type: string
Default value: 'CRAFT_CSRF_TOKEN'

The name of CSRF token used for CSRF validation if config4:enableCsrfProtection is set to true.

::: code

php

->csrfTokenName('MY_CSRF')

shell

CRAFT_CSRF_TOKEN_NAME=MY_CSRF

:::

`defaultCookieDomain`

Type: string
Default value: ''

The domain that cookies generated by Craft should be created for. If blank, it will be left up to the browser to determine which domain to use (almost always the current). If you want the cookies to work for all subdomains, for example, you could set this to '.my-project.tld'.

::: code

php

->defaultCookieDomain('.my-project.tld')

shell

CRAFT_DEFAULT_COOKIE_DOMAIN=.my-project.tld

:::

View source

`defaultCountryCode`

Type: string
Default value: 'US'
Since: 4.5.0

The two-letter country code that addresses will be set to by default.

See https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 for a list of acceptable country codes.

::: code

php

->defaultCountryCode('GB')

shell

CRAFT_DEFAULT_COUNTRY_CODE=GB

:::

View source

`defaultCpLanguage`

Type: string, null
Default value: null

The default language the control panel should use for users who haven’t set a preferred language yet.

::: code

php

->defaultCpLanguage('en-US')

shell

CRAFT_DEFAULT_CP_LANGUAGE=en-US

:::

View source

`defaultCpLocale`

Type: string, null
Default value: null
Since: 3.5.0

The default locale the control panel should use for date/number formatting, for users who haven’t set a preferred language or formatting locale.

If this is null, the config4:defaultCpLanguage config setting will determine which locale is used for date/number formatting by default.

::: code

php

->defaultCpLocale('en-US')

shell

CRAFT_DEFAULT_CP_LOCALE=en-US

:::

View source

`defaultDirMode`

Type: mixed
Default value: 0775

The default permission to be set for newly-generated directories.

If set to null, the permission will be determined by the current environment.

::: code

php

->defaultDirMode(0744)

shell

CRAFT_DEFAULT_DIR_MODE=0744

:::

View source

`defaultFileMode`

Type: integer, null
Default value: null

The default permission to be set for newly-generated files.

If set to null, the permission will be determined by the current environment.

::: code

php

->defaultFileMode(0744)

shell

CRAFT_DEFAULT_FILE_MODE=0744

:::

View source

`defaultImageQuality`

Type: integer
Default value: 82

The quality level Craft will use when saving JPG and PNG files. Ranges from 1 (worst quality, smallest file) to 100 (best quality, biggest file).

::: code

php

->defaultImageQuality(90)

shell

CRAFT_DEFAULT_IMAGE_QUALITY=90

:::

View source

`defaultSearchTermOptions`

Type: array
Default value: []

The default options that should be applied to each search term.

Options include:

subLeft – Whether to include keywords that contain the term, with additional characters before it. (false by default)
subRight – Whether to include keywords that contain the term, with additional characters after it. (true by default)
exclude – Whether search results should exclude records with this term. (false by default)
exact – Whether the term must be an exact match (only applies if the search term specifies an attribute). (false by default)

php

->defaultSearchTermOptions([
    'subLeft' => true,
    'exclude' => 'secret',
])

View source

`defaultTemplateExtensions`

Type: string[]
Default value: [ 'html', 'twig', ]

The template file extensions Craft will look for when matching a template path to a file on the front end.

::: code

php

->defaultTemplateExtensions(['html', 'twig', 'txt'])

shell

CRAFT_DEFAULT_TEMPLATE_EXTENSIONS=html,twig,txt

:::

View source

`defaultTokenDuration`

Type: mixed
Default value: 86400 (1 day)

The default amount of time tokens can be used before expiring.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

::: code

php

// One week
->defaultTokenDuration(604800)

shell

# One week
CRAFT_DEFAULT_TOKEN_DURATION=604800

:::

View source

`defaultWeekStartDay`

Type: integer
Default value: 1 (Monday)

The default day new users should have set as their Week Start Day.

This should be set to one of the following integers:

0 – Sunday
1 – Monday
2 – Tuesday
3 – Wednesday
4 – Thursday
5 – Friday
6 – Saturday

::: code

php

->defaultWeekStartDay(0)

shell

CRAFT_DEFAULT_WEEK_START_DAY=0

:::

View source

`deferPublicRegistrationPassword`

Type: boolean
Default value: false

By default, Craft requires a front-end “password” field for public user registrations. Setting this to true removes that requirement for the initial registration form.

If you have email verification enabled, new users will set their password once they’ve followed the verification link in the email. If you don’t, the only way they can set their password is to go through your “forgot password” workflow.

::: code

php

->deferPublicRegistrationPassword(true)

shell

CRAFT_DEFER_PUBLIC_REGISTRATION_PASSWORD=true

:::

View source

`devMode`

Type: boolean
Default value: false

Whether the system should run in Dev Mode.

::: code

php

->devMode(true)

shell

CRAFT_DEV_MODE=true

:::

View source

`disableGraphqlTransformDirective`

Type: boolean
Default value: false
Since: 3.6.0

Whether the transform directive should be disabled for the GraphQL API.

::: code

php

->disableGraphqlTransformDirective(true)

shell

CRAFT_DISABLE_GRAPHQL_TRANSFORM_DIRECTIVE=1

:::

View source

`disabledPlugins`

Type: string[], string, null
Default value: null
Since: 3.1.9

Array of plugin handles that should be disabled, regardless of what the project config says.

php

->disabledPlugins([
    'webhooks',
])

This can also be set to '*' to disable all plugins.

php

->disabledPlugins('*')

WARNING

This should not be set on a per-environment basis, as it could result in plugin schema version mismatches between environments, which will prevent project config changes from getting applied.

::: code

php

->disabledPlugins([
    'redactor',
    'webhooks',
])

shell

CRAFT_DISABLED_PLUGINS=redactor,webhooks

:::

View source

`disabledUtilities`

Type: string[]
Default value: []
Since: 4.6.0

Array of utility IDs that should be disabled.

::: code

php

 ->disabledUtilities([
     'updates',
     'find-replace',
 ])

shell

CRAFT_DISABLED_UTILITIES=updates,find-replace

:::

View source

`disallowRobots`

Type: boolean
Default value: false
Since: 3.5.10

Whether front end requests should respond with X-Robots-Tag: none HTTP headers, indicating that pages should not be indexed, and links on the page should not be followed, by web crawlers.

TIP

This should be set to true for development and staging environments.

::: code

php

->disallowRobots(true)

shell

CRAFT_DISALLOW_ROBOTS=1

:::

View source

`elevatedSessionDuration`

Type: mixed
Default value: 300 (5 minutes)

The amount of time a user’s elevated session will last, which is required for some sensitive actions (e.g. user group/permission assignment).

Set to 0 to disable elevated session support.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

::: code

php

->elevatedSessionDuration(0)

shell

CRAFT_ELEVATED_SESSION_DURATION=0

:::

View source

`enableBasicHttpAuth`

Type: boolean
Default value: false
Since: 3.5.0

Whether front-end web requests should support basic HTTP authentication.

::: code

php

->enableBasicHttpAuth(true)

shell

CRAFT_ENABLE_BASIC_HTTP_AUTH=1

:::

View source

`enableCsrfCookie`

Type: boolean
Default value: true

Whether to use a cookie to persist the CSRF token if config4:enableCsrfProtection is enabled. If false, the CSRF token will be stored in session under the csrfTokenName config setting name. Note that while storing CSRF tokens in session increases security, it requires starting a session for every page that a CSRF token is needed, which may degrade site performance.

::: code

php

->enableCsrfCookie(false)

shell

CRAFT_ENABLE_CSRF_COOKIE=false

:::

`enableCsrfProtection`

Type: boolean
Default value: true

Whether to enable CSRF protection via hidden form inputs for all forms submitted via Craft.

::: code

php

->enableCsrfProtection(false)

shell

CRAFT_ENABLE_CSRF_PROTECTION=false

:::

`enableGql`

Type: boolean
Default value: true
Since: 3.3.1

Whether the GraphQL API should be enabled.

The GraphQL API is only available for Craft Pro.

::: code

php

->enableGql(false)

shell

CRAFT_ENABLE_GQL=false

:::

View source

`enableGraphqlCaching`

Type: boolean
Default value: true
Since: 3.3.12

Whether Craft should cache GraphQL queries.

If set to true, Craft will cache the results for unique GraphQL queries per access token. The cache is automatically invalidated any time an element is saved, the site structure is updated, or a GraphQL schema is saved.

This setting will have no effect if a plugin is using the craft\services\Gql::EVENT_BEFORE_EXECUTE_GQL_QUERY event to provide its own caching logic and setting the result property.

::: code

php

->enableGraphqlCaching(false)

shell

CRAFT_ENABLE_GRAPHQL_CACHING=false

:::

View source

`enableGraphqlIntrospection`

Type: boolean
Default value: true
Since: 3.6.0

Whether GraphQL introspection queries are allowed. Defaults to true and is always allowed in the control panel.

::: code

php

->enableGraphqlIntrospection(false)

shell

CRAFT_ENABLE_GRAPHQL_INTROSPECTION=false

:::

View source

`enableTemplateCaching`

Type: boolean
Default value: true

Whether to enable Craft’s template {% cache %} tag on a global basis.

::: code

php

->enableTemplateCaching(false)

shell

CRAFT_ENABLE_TEMPLATE_CACHING=false

:::

View source

`errorTemplatePrefix`

Type: string
Default value: ''

The prefix that should be prepended to HTTP error status codes when determining the path to look for an error’s template.

If set to '_' your site’s 404 template would live at templates/_404.twig, for example.

::: code

php

->errorTemplatePrefix('_')

shell

CRAFT_ERROR_TEMPLATE_PREFIX=_

:::

View source

`extraAllowedFileExtensions`

Type: string[], null
Default value: null

List of file extensions that will be merged into the config4:allowedFileExtensions config setting.

::: code

php

->extraAllowedFileExtensions(['mbox', 'xml'])

shell

CRAFT_EXTRA_ALLOWED_FILE_EXTENSIONS=mbox,xml

:::

`extraAppLocales`

Type: string[], null
Default value: null
Since: 3.0.24

List of extra locale IDs that the application should support, and users should be able to select as their Preferred Language.

::: code

php

->extraAppLocales(['uk'])

shell

CRAFT_EXTRA_APP_LOCALES=uk

:::

View source

`extraFileKinds`

Type: array
Default value: []
Since: 3.0.37

List of additional file kinds Craft should support. This array will get merged with the one defined in \craft\helpers\Assets::_buildFileKinds().

php

->extraFileKinds([
    // merge .psb into list of Photoshop file kinds
    'photoshop' => [
        'extensions' => ['psb'],
    ],
    // register new "Stylesheet" file kind
    'stylesheet' => [
        'label' => 'Stylesheet',
        'extensions' => ['css', 'less', 'pcss', 'sass', 'scss', 'styl'],
    ],
])

TIP

File extensions listed here won’t immediately be allowed to be uploaded. You will also need to list them with the config4:extraAllowedFileExtensions config setting.

View source

`extraLastNamePrefixes`

Type: string[]
Default value: []
Since: 4.3.0

Any additional last name prefixes that should be supported by the name parser.

::: code

php

->extraLastNamePrefixes(['Dal', 'Van Der'])

shell

CRAFT_EXTRA_LAST_NAME_PREFIXES="Dal,Van Der"

:::

View source

`extraNameSalutations`

Type: string[]
Default value: []
Since: 4.3.0

Any additional name salutations that should be supported by the name parser.

::: code

php

->extraNameSalutations(['Lady', 'Sire'])

shell

CRAFT_EXTRA_NAME_SALUTATIONS=Lady,Sire

:::

View source

`extraNameSuffixes`

Type: string[]
Default value: []
Since: 4.3.0

Any additional name suffixes that should be supported by the name parser.

::: code

php

->extraNameSuffixes(['CCNA', 'OBE'])

shell

CRAFT_EXTRA_NAME_SUFFIXES=CCNA,OBE

:::

View source

`filenameWordSeparator`

Type: string, false
Default value: '-'

The string to use to separate words when uploading assets. If set to false, spaces will be left alone.

::: code

php

->filenameWordSeparator(false)

shell

CRAFT_FILENAME_WORD_SEPARATOR=false

:::

View source

`generateTransformsBeforePageLoad`

Type: boolean
Default value: false

Whether image transforms should be generated before page load.

::: code

php

->generateTransformsBeforePageLoad(true)

shell

CRAFT_GENERATE_TRANSFORMS_BEFORE_PAGE_LOAD=1

:::

View source

`gqlTypePrefix`

Type: string
Default value: ''

Prefix to use for all type names returned by GraphQL.

::: code

php

->gqlTypePrefix('craft_')

shell

CRAFT_GQL_TYPE_PREFIX=craft_

:::

View source

`handleCasing`

Type: string
Default value: self::CAMEL_CASE
Since: 3.6.0

The casing to use for autogenerated component handles.

View source

`headlessMode`

Type: boolean
Default value: false
Since: 3.3.0

Whether the system should run in Headless Mode, which optimizes the system and control panel for headless CMS implementations.

When this is enabled, the following changes will take place:

Template settings for sections and category groups will be hidden.
Template route management will be hidden.
Front-end routing will skip checks for element and template requests.
Front-end responses will be JSON-formatted rather than HTML by default.
Twig will be configured to escape unsafe strings for JavaScript/JSON rather than HTML by default for front-end requests.
The config4:loginPath, config4:logoutPath, config4:setPasswordPath, and config4:verifyEmailPath settings will be ignored.

TIP

With Headless Mode enabled, users may only set passwords and verify email addresses via the control panel. Be sure to grant “Access the control panel” permission to all content editors and administrators. You’ll also need to set the config4:baseCpUrl config setting if the control panel is located on a different domain than your front end.

::: code

php

->headlessMode(true)

shell

CRAFT_HEADLESS_MODE=1

:::

View source

`httpProxy`

Type: string, null
Default value: null
Since: 3.7.0

The proxy server that should be used for outgoing HTTP requests.

This can be set to a URL (http://localhost) or a URL plus a port (http://localhost:8125).

::: code

php

->httpProxy('http://localhost')

shell

CRAFT_HTTP_PROXY=http://localhost

:::

View source

`imageDriver`

Type: mixed
Default value: self::IMAGE_DRIVER_AUTO

The image driver Craft should use to cleanse and transform images. By default Craft will use ImageMagick if it’s installed and otherwise fall back to GD. You can explicitly set either 'imagick' or 'gd' here to override that behavior.

::: code

php

->imageDriver('imagick')

shell

CRAFT_IMAGE_DRIVER=imagick

:::

View source

`imageEditorRatios`

Type: array
Default value: [ 'Unconstrained' => 'none', 'Original' => 'original', 'Square' => 1, '16:9' => 1.78, '10:8' => 1.25, '7:5' => 1.4, '4:3' => 1.33, '5:3' => 1.67, '3:2' => 1.5, ]

An array containing the selectable image aspect ratios for the image editor. The array must be in the format of label => ratio, where ratio must be a float or a string. For string values, only values of “none” and “original” are allowed.

php

->imageEditorRatios([
    'Unconstrained' => 'none',
    'Original' => 'original',
    'Square' => 1,
    'IMAX' => 1.9,
    'Widescreen' => 1.78,
])

View source

`indexTemplateFilenames`

Type: string[]
Default value: [ 'index', ]

The template filenames Craft will look for within a directory to represent the directory’s “index” template when matching a template path to a file on the front end.

::: code

php

->indexTemplateFilenames(['index', 'default'])

shell

CRAFT_INDEX_TEMPLATE_FILENAMES=index,default

:::

View source

`invalidLoginWindowDuration`

Type: mixed
Default value: 3600 (1 hour)

The amount of time to track invalid login attempts for a user, for determining if Craft should lock an account.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

::: code

php

// 1 day
->invalidLoginWindowDuration(86400)

shell

# 1 day
CRAFT_INVALID_LOGIN_WINDOW_DURATION=86400

:::

View source

`invalidUserTokenPath`

Type: mixed
Default value: ''

The URI Craft should redirect to when user token validation fails. A token is used on things like setting and resetting user account passwords. Note that this only affects front-end site requests.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

::: code

php

// 1 day
->invalidUserTokenPath('nope')

shell

# 1 day
CRAFT_INVALID_USER_TOKEN_PATH=nope

:::

`ipHeaders`

Type: string[], null
Default value: null

List of headers where proxies store the real client IP.

See yii\web\Request::$ipHeaders for more details.

If not set, the default craft\web\Request::$ipHeaders value will be used.

::: code

php

->ipHeaders(['X-Forwarded-For', 'CF-Connecting-IP'])

shell

CRAFT_IP_HEADERS=X-Forwarded-For,CF-Connecting-IP

:::

View source

`isSystemLive`

Type: boolean, null
Default value: null

Whether the site is currently live. If set to true or false, it will take precedence over the System Status setting in Settings → General.

::: code

php

->isSystemLive(true)

shell

CRAFT_IS_SYSTEM_LIVE=true

:::

View source

`limitAutoSlugsToAscii`

Type: boolean
Default value: false

Whether non-ASCII characters in auto-generated slugs should be converted to ASCII (i.e. ñ → n).

TIP

This only affects the JavaScript auto-generated slugs. Non-ASCII characters can still be used in slugs if entered manually.

::: code

php

->limitAutoSlugsToAscii(true)

shell

CRAFT_LIMIT_AUTO_SLUGS_TO_ASCII=1

:::

View source

`loginPath`

Type: mixed
Default value: 'login'

The URI Craft should use for user login on the front end.

This can be set to false to disable front-end login.

Note that this config setting is ignored when config4:headlessMode is enabled.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

::: code

php

->loginPath(false)

shell

CRAFT_LOGIN_PATH=false

:::

`logoutPath`

Type: mixed
Default value: 'logout'

The URI Craft should use for user logout on the front end.

This can be set to false to disable front-end logout.

Note that this config setting is ignored when config4:headlessMode is enabled.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

::: code

php

->logoutPath(false)

shell

CRAFT_LOGOUT_PATH=false

:::

`maxBackups`

Type: integer, false
Default value: 20

The number of backups Craft should make before it starts deleting the oldest backups. If set to false, Craft will not delete any backups.

::: code

php

->maxBackups(5)

shell

CRAFT_MAX_BACKUPS=5

:::

View source

`maxCachedCloudImageSize`

Type: integer
Default value: 2000

The maximum dimension size to use when caching images from external sources to use in transforms. Set to 0 to never cache them.

::: code

php

->maxCachedCloudImageSize(0)

shell

CRAFT_MAX_CACHED_CLOUD_IMAGE_SIZE=0

:::

View source

`maxGraphqlBatchSize`

Type: integer
Default value: 0
Since: 4.5.5

The maximum allowed GraphQL queries that can be executed in a single batched request. Set to 0 to allow any number of queries.

::: code

php

->maxGraphqlBatchSize(5)

shell

CRAFT_MAX_GRAPHQL_BATCH_SIZE=5

:::

View source

`maxGraphqlComplexity`

Type: integer
Default value: 0
Since: 3.6.0

The maximum allowed complexity a GraphQL query is allowed to have. Set to 0 to allow any complexity.

::: code

php

->maxGraphqlComplexity(500)

shell

CRAFT_MAX_GRAPHQL_COMPLEXITY=500

:::

View source

`maxGraphqlDepth`

Type: integer
Default value: 0
Since: 3.6.0

The maximum allowed depth a GraphQL query is allowed to reach. Set to 0 to allow any depth.

::: code

php

->maxGraphqlDepth(5)

shell

CRAFT_MAX_GRAPHQL_DEPTH=5

:::

View source

`maxGraphqlResults`

Type: integer
Default value: 0
Since: 3.6.0

The maximum allowed results for a single GraphQL query. Set to 0 to disable any limits.

::: code

php

->maxGraphqlResults(100)

shell

CRAFT_MAX_GRAPHQL_RESULTS=100

:::

View source

`maxInvalidLogins`

Type: integer, false
Default value: 5

The number of invalid login attempts Craft will allow within the specified duration before the account gets locked.

::: code

php

->maxInvalidLogins(3)

shell

CRAFT_MAX_INVALID_LOGINS=3

:::

View source

`maxRevisions`

Type: integer, null
Default value: 50
Since: 3.2.0

The maximum number of revisions that should be stored for each element.

Set to 0 if you want to store an unlimited number of revisions.

::: code

php

->maxRevisions(25)

shell

CRAFT_MAX_REVISIONS=25

:::

View source

`maxSlugIncrement`

Type: integer
Default value: 100

The highest number Craft will tack onto a slug in order to make it unique before giving up and throwing an error.

::: code

php

->maxSlugIncrement(10)

shell

CRAFT_MAX_SLUG_INCREMENT=10

:::

View source

`maxUploadFileSize`

Type: integer, string
Default value: 16777216 (16MB)

The maximum upload file size allowed.

See craft\helpers\ConfigHelper::sizeInBytes() for a list of supported value types.

::: code

php

// 25MB
->maxUploadFileSize(26214400)

shell

# 25MB
CRAFT_MAX_UPLOAD_FILE_SIZE=26214400

:::

View source

`omitScriptNameInUrls`

Type: boolean
Default value: false

Whether generated URLs should omit index.php (e.g. http://my-project.tld/path instead of http://my-project.tld/index.php/path)

This can only be possible if your server is configured to redirect would-be 404s to index.php, for example, with the redirect found in the .htaccess file that came with Craft:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.+) /index.php?p=$1 [QSA,L]

::: code

php

->omitScriptNameInUrls(true)

shell

CRAFT_OMIT_SCRIPT_NAME_IN_URLS=1

:::

TIP

Even when this is set to true, the script name could still be included in some action URLs. If you want to ensure that index.php is fully omitted from all generated URLs, set the config4:pathParam config setting to null.

View source

`optimizeImageFilesize`

Type: boolean
Default value: true

Whether Craft should optimize images for reduced file sizes without noticeably reducing image quality. (Only supported when ImageMagick is used.)

::: code

php

->optimizeImageFilesize(false)

shell

CRAFT_OPTIMIZE_IMAGE_FILESIZE=1

:::

`pageTrigger`

Type: string
Default value: 'p'

The string preceding a number which Craft will look for when determining if the current request is for a particular page in a paginated list of pages.

Example Value	Example URI
`p`	`/news/p5`
`page`	`/news/page5`
`page/`	`/news/page/5`
`?page`	`/news?page=5`

TIP

If you want to set this to ?p (e.g. /news?p=5), you’ll also need to change your config4:pathParam setting which defaults to p. If your server is running Apache, you’ll need to update the redirect code in your .htaccess file to match your new pathParam value.

::: code

php

->pageTrigger('page')

shell

CRAFT_PAGE_TRIGGER=page

:::

`passwordPath`

Type: mixed
Default value: null
Access: Write-only
Since: 4.2.0

View source

`passwordRequestPath`

Type: mixed
Default value: null
Access: Write-only
Since: 4.2.0

View source

`passwordSuccessPath`

Type: mixed
Default value: null
Access: Write-only
Since: 4.2.0

View source

`pathParam`

Type: string, null
Default value: 'p'

The query string param that Craft will check when determining the request’s path.

This can be set to null if your web server is capable of directing traffic to index.php without a query string param. If you’re using Apache, that means you’ll need to change the RewriteRule line in your .htaccess file to:

RewriteRule (.+) index.php [QSA,L]

::: code

php

->pathParam(null)

shell

CRAFT_PATH_PARAM=

:::

View source

`permissionsPolicyHeader`

Type: string, null
Default value: null
Since: 3.6.14

The Permissions-Policy header that should be sent for web responses.

::: code

php

->permissionsPolicyHeader('Permissions-Policy: geolocation=(self)')

shell

CRAFT_PERMISSIONS_POLICY_HEADER=Permissions-Policy: geolocation=(self)

:::

View source

`phpMaxMemoryLimit`

Type: string, null
Default value: null

The maximum amount of memory Craft will try to reserve during memory-intensive operations such as zipping, unzipping and updating. Defaults to an empty string, which means it will use as much memory as it can.

See https://php.net/manual/en/faq.using.php#faq.using.shorthandbytes for a list of acceptable values.

::: code

php

->phpMaxMemoryLimit('512M')

shell

CRAFT_PHP_MAX_MEMORY_LIMIT=512M

:::

View source

`phpSessionName`

Type: string
Default value: 'CraftSessionId'

The name of the PHP session cookie.

::: code

php

->phpSessionName(null)

shell

CRAFT_PHP_SESSION_NAME=

:::

View source

`postCpLoginRedirect`

Type: mixed
Default value: 'dashboard'

The path users should be redirected to after logging into the control panel.

This setting will also come into effect if a user visits the control panel’s login page (/admin/login) or the control panel’s root URL (/admin) when they are already logged in.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

::: code

php

->postCpLoginRedirect('entries')

shell

CRAFT_POST_CP_LOGIN_REDIRECT=entries

:::

`postLoginRedirect`

Type: mixed
Default value: ''

The path users should be redirected to after logging in from the front-end site.

This setting will also come into effect if the user visits the login page (as specified by the config4:loginPath config setting) when they are already logged in.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

::: code

php

->postLoginRedirect('welcome')

shell

CRAFT_POST_LOGIN_REDIRECT=welcome

:::

`postLogoutRedirect`

Type: mixed
Default value: ''

The path that users should be redirected to after logging out from the front-end site.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

::: code

php

->postLogoutRedirect('goodbye')

shell

CRAFT_POST_LOGOUT_REDIRECT=goodbye

:::

`prefixGqlRootTypes`

Type: boolean
Default value: true
Since: 3.6.6

Whether the config4:gqlTypePrefix config setting should have an impact on query, mutation, and subscription types.

::: code

php

->prefixGqlRootTypes(false)

shell

CRAFT_PREFIX_GQL_ROOT_TYPES=false

:::

View source

`preloadSingles`

Type: boolean
Default value: false
Since: 4.4.0

Whether Single section entries should be preloaded for Twig templates.

When enabled, Craft will make an educated guess on which Singles should be preloaded for each template based on the variable names that are referenced.

WARNING

You will need to clear your compiled templates from the Caches utility before this setting will take effect.

::: code

php

->preloadSingles()

shell

CRAFT_PRELOAD_SINGLES=true

:::

View source

`preserveCmykColorspace`

Type: boolean
Default value: false
Since: 3.0.8

Whether CMYK should be preserved as the colorspace when manipulating images.

Setting this to true will prevent Craft from transforming CMYK images to sRGB, but on some ImageMagick versions it can cause image color distortion. This will only have an effect if ImageMagick is in use.

::: code

php

->preserveCmykColorspace(true)

shell

CRAFT_PRESERVE_CMYK_COLORSPACE=1

:::

View source

`preserveExifData`

Type: boolean
Default value: false

Whether the EXIF data should be preserved when manipulating and uploading images.

Setting this to true will result in larger image file sizes.

This will only have effect if ImageMagick is in use.

::: code

php

->preserveExifData(true)

shell

CRAFT_PRESERVE_EXIF_DATA=1

:::

View source

`preserveImageColorProfiles`

Type: boolean
Default value: true

Whether the embedded Image Color Profile (ICC) should be preserved when manipulating images.

Setting this to false will reduce the image size a little bit, but on some ImageMagick versions can cause images to be saved with an incorrect gamma value, which causes the images to become very dark. This will only have effect if ImageMagick is in use.

::: code

php

->preserveImageColorProfiles(false)

shell

CRAFT_PRESERVE_IMAGE_COLOR_PROFILES=false

:::

View source

`preventUserEnumeration`

Type: boolean
Default value: false

When true, Craft will always return a successful response in the “forgot password” flow, making it difficult to enumerate users.

When set to false and you go through the “forgot password” flow from the control panel login page, you’ll get distinct messages indicating whether the username/email exists and whether an email was sent with further instructions. This can be helpful for the user attempting to log in but allow for username/email enumeration based on the response.

::: code

php

->preventUserEnumeration(true)

shell

CRAFT_PREVENT_USER_ENUMERATION=1

:::

View source

`previewIframeResizerOptions`

Type: array
Default value: []
Since: 3.5.0

Custom iFrame Resizer options that should be used for preview iframes.

php

->previewIframeResizerOptions([
    'autoResize' => false,
])

View source

`previewTokenDuration`

Type: mixed
Default value: null (1 day)
Since: 3.7.0

The amount of time content preview tokens can be used before expiring.

Defaults to config4:defaultTokenDuration value.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

::: code

php

// 1 hour
->previewTokenDuration(3600)

shell

# 1 hour
CRAFT_PREVIEW_TOKEN_DURATION=3600

:::

View source

`privateTemplateTrigger`

Type: string
Default value: '_'

The template path segment prefix that should be used to identify “private” templates, which are templates that are not directly accessible via a matching URL.

Set to an empty value to disable public template routing.

::: code

php

->privateTemplateTrigger('')

shell

CRAFT_PRIVATE_TEMPLATE_TRIGGER=

:::

View source

`purgePendingUsersDuration`

Type: mixed
Default value: 0

The amount of time to wait before Craft purges pending users from the system that have not activated.

Any content assigned to a pending user will be deleted as well when the given time interval passes.

Set to 0 to disable this feature.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

TIP

Users will only be purged when garbage collection is run.

::: code

php

// 2 weeks
->purgePendingUsersDuration(1209600)

shell

# 2 weeks
CRAFT_PURGE_PENDING_USERS_DURATION=1209600

:::

View source

`purgeStaleUserSessionDuration`

Type: mixed
Default value: 7776000 (90 days)
Since: 3.3.0

The amount of time to wait before Craft purges stale user sessions from the sessions table in the database.

Set to 0 to disable this feature.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

::: code

php

// 1 week
->purgeStaleUserSessionDuration(604800)

shell

# 1 week
CRAFT_PURGE_STALE_USER_SESSION_DURATION=604800

:::

View source

`purgeUnsavedDraftsDuration`

Type: mixed
Default value: 2592000 (30 days)
Since: 3.2.0

The amount of time to wait before Craft purges unpublished drafts that were never updated with content.

Set to 0 to disable this feature.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

::: code

php

->purgeUnsavedDraftsDuration(0)

shell

CRAFT_PURGE_UNSAVED_DRAFTS_DURATION=0

:::

View source

`rasterizeSvgThumbs`

Type: boolean
Default value: false
Since: 3.6.0

Whether SVG thumbnails should be rasterized.

This will only work if ImageMagick is installed, and config4:imageDriver is set to either auto or imagick.

::: code

php

->rasterizeSvgThumbs(true)

shell

CRAFT_RASTERIZE_SVG_THUMBS=1

:::

View source

`rememberUsernameDuration`

Type: mixed
Default value: 31536000 (1 year)

The amount of time Craft will remember a username and pre-populate it on the control panel’s Login page.

Set to 0 to disable this feature altogether.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

::: code

php

->rememberUsernameDuration(0)

shell

CRAFT_REMEMBER_USERNAME_DURATION=0

:::

View source

`rememberedUserSessionDuration`

Type: mixed
Default value: 1209600 (14 days)

The amount of time a user stays logged if “Remember Me” is checked on the login page.

Set to 0 to disable the “Remember Me” feature altogether.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

::: code

php

->rememberedUserSessionDuration(0)

shell

CRAFT_REMEMBERED_USER_SESSION_DURATION=0

:::

View source

`requireMatchingUserAgentForSession`

Type: boolean
Default value: true

Whether Craft should require a matching user agent string when restoring a user session from a cookie.

::: code

php

->requireMatchingUserAgentForSession(false)

shell

CRAFT_REQUIRE_MATCHING_USER_AGENT_FOR_SESSION=false

:::

View source

`requireUserAgentAndIpForSession`

Type: boolean
Default value: true

Whether Craft should require the existence of a user agent string and IP address when creating a new user session.

::: code

php

->requireUserAgentAndIpForSession(false)

shell

CRAFT_REQUIRE_USER_AGENT_AND_IP_FOR_SESSION=false

:::

View source

`resourceBasePath`

Type: string
Default value: '@webroot/cpresources'

The path to the root directory that should store published control panel resources.

::: code

php

->resourceBasePath('@webroot/craft-resources')

shell

CRAFT_RESOURCE_BASE_PATH=@webroot/craft-resources

:::

View source

`resourceBaseUrl`

Type: string
Default value: '@web/cpresources'

The URL to the root directory that should store published control panel resources.

::: code

php

->resourceBaseUrl('@web/craft-resources')

shell

CRAFT_RESOURCE_BASE_URL=@web/craft-resources

:::

View source

`restoreCommand`

Type: string, null, false
Default value: null

The shell command Craft should execute to restore a database backup.

By default Craft will run mysql or psql, provided those libraries are in the $PATH variable for the user the web server is running as.

There are several tokens you can use that Craft will swap out at runtime:

{path} - the backup file path
{port} - the current database port
{server} - the current database hostname
{user} - the user to connect to the database
{database} - the current database name
{schema} - the current database schema (if any)

This can also be set to false to disable database restores completely.

::: code

php

->restoreCommand(false)

shell

CRAFT_RESTORE_COMMAND=false

:::

View source

`revAssetUrls`

Type: boolean
Default value: false
Since: 3.7.0

Whether asset URLs should be revved so browsers don’t load cached versions when they’re modified.

::: code

php

->revAssetUrls(true)

shell

CRAFT_REV_ASSET_URLS=1

:::

View source

`rotateImagesOnUploadByExifData`

Type: boolean
Default value: true

Whether Craft should rotate images according to their EXIF data on upload.

::: code

php

->rotateImagesOnUploadByExifData(false)

shell

CRAFT_ROTATE_IMAGES_ON_UPLOAD_BY_EXIF_DATA=false

:::

View source

`runQueueAutomatically`

Type: boolean
Default value: true

Whether Craft should run pending queue jobs automatically when someone visits the control panel.

If disabled, an alternate queue worker must be set up separately, either as an always-running daemon, or a cron job that runs the queue/run command every minute:

cron

* * * * * /path/to/project/craft queue/run

TIP

This setting should be disabled for servers running Win32, or with Apache’s mod_deflate/mod_gzip installed, where PHP’s flush() method won’t work.

::: code

php

->runQueueAutomatically(false)

shell

CRAFT_RUN_QUEUE_AUTOMATICALLY=false

:::

View source

`sameSiteCookieValue`

Type: string, null
Default value: null
Since: 3.1.33

The SameSite value that should be set on Craft cookies, if any.

View source

`sanitizeCpImageUploads`

Type: boolean
Default value: true
Since: 3.6.0

Whether images uploaded via the control panel should be sanitized.

::: code

php

->sanitizeCpImageUploads(false)

shell

CRAFT_SANITIZE_CP_IMAGE_UPLOADS=false

:::

View source

`sanitizeSvgUploads`

Type: boolean
Default value: true

Whether Craft should sanitize uploaded SVG files and strip out potential malicious-looking content.

This should definitely be enabled if you are accepting SVG uploads from untrusted sources.

::: code

php

->sanitizeSvgUploads(false)

shell

CRAFT_SANITIZE_SVG_UPLOADS=false

:::

View source

`secureHeaders`

Type: array, null
Default value: null

Lists of headers that are, by default, subject to the trusted host configuration.

See yii\web\Request::$secureHeaders for more details.

If not set, the default yii\web\Request::$secureHeaders value will be used.

::: code

php

->secureHeaders([
    'X-Forwarded-For',
    'X-Forwarded-Host',
    'X-Forwarded-Proto',
    'X-Rewrite-Url',
    'X-Original-Host',
    'CF-Connecting-IP',
])

shell

CRAFT_SECURE_HEADERS=X-Forwarded-For,X-Forwarded-Host,X-Forwarded-Proto,X-Rewrite-Url,X-Original-Host,CF-Connecting-IP

:::

View source

`secureProtocolHeaders`

Type: array, null
Default value: null

List of headers to check for determining whether the connection is made via HTTPS.

See yii\web\Request::$secureProtocolHeaders for more details.

If not set, the default yii\web\Request::$secureProtocolHeaders value will be used.

php

->secureProtocolHeaders([
    'X-Forwarded-Proto' => [
        'https',
    ],
    'Front-End-Https' => [
        'on',
    ],
    'CF-Visitor' => [
        '{\"scheme\":\"https\"}',
    ],
])

View source

`securityKey`

Type: string
Default value: ''

A private, random, cryptographically-secure key that is used for hashing and encrypting data in craft\services\Security.

This value should be the same across all environments. If this key ever changes, any data that was encrypted with it will be inaccessible.

php

->securityKey('2cf24dba5...')

View source

`sendContentLengthHeader`

Type: boolean
Default value: false
Since: 3.7.3

Whether a Content-Length header should be sent with responses.

::: code

php

->sendContentLengthHeader(true)

shell

CRAFT_SEND_CONTENT_LENGTH_HEADER=1

:::

View source

`sendPoweredByHeader`

Type: boolean
Default value: true

Whether an X-Powered-By: Craft CMS header should be sent, helping services like BuiltWith and Wappalyzer identify that the site is running on Craft.

::: code

php

->sendPoweredByHeader(false)

shell

CRAFT_SEND_POWERED_BY_HEADER=false

:::

View source

`setGraphqlDatesToSystemTimeZone`

Type: boolean
Default value: false
Since: 3.7.0

Whether dates returned by the GraphQL API should be set to the system time zone by default, rather than UTC.

::: code

php

->setGraphqlDatesToSystemTimeZone(true)

shell

CRAFT_SET_GRAPHQL_DATES_TO_SYSTEM_TIMEZONE=1

:::

View source

`setPasswordPath`

Type: mixed
Default value: 'setpassword'

The URI or URL that Craft should use for Set Password forms on the front end.

This setting is ignored when config4:headlessMode is enabled, unless it’s set to an absolute URL.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

TIP

You might also want to set config4:invalidUserTokenPath in case a user clicks on an expired password reset link.

::: code

php

->setPasswordPath('set-password')

shell

CRAFT_SET_PASSWORD_PATH=set-password

:::

`setPasswordRequestPath`

Type: mixed
Default value: null
Since: 3.5.14

The URI to the page where users can request to change their password.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

If this is set, Craft will redirect .well-known/change-password requests to this URI.

TIP

You’ll also need to set setPasswordPath, which determines the URI and template path for the Set Password form where the user resets their password after following the link in the Password Reset email.

::: code

php

->setPasswordRequestPath('request-password')

shell

CRAFT_SET_PASSWORD_REQUEST_PATH=request-password

:::

`setPasswordSuccessPath`

Type: mixed
Default value: ''

The URI Craft should redirect users to after setting their password from the front end.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

::: code

php

->setPasswordSuccessPath('password-set')

shell

CRAFT_SET_PASSWORD_SUCCESS_PATH=password-set

:::

`showFirstAndLastNameFields`

Type: boolean
Default value: false
Since: 4.6.0

Whether “First Name” and “Last Name” fields should be shown in place of “Full Name” fields.

::: code

php

->showFirstAndLastNameFields()

shell

CRAFT_SHOW_FIRST_AND_LAST_NAME_FIELDS=true

:::

View source

`siteToken`

Type: string
Default value: 'siteToken'
Since: 3.5.0

The query string parameter name that site tokens should be set to.

::: code

php

->siteToken('t')

shell

CRAFT_SITE_TOKEN=t

:::

View source

`slugWordSeparator`

Type: string
Default value: '-'

The character(s) that should be used to separate words in slugs.

::: code

php

->slugWordSeparator('.')

shell

CRAFT_SLUG_WORD_SEPARATOR=.

:::

View source

`softDeleteDuration`

Type: mixed
Default value: 2592000 (30 days)
Since: 3.1.0

The amount of time before a soft-deleted item will be up for hard-deletion by garbage collection.

Set to 0 if you don’t ever want to delete soft-deleted items.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

::: code

php

->softDeleteDuration(0)

shell

CRAFT_SOFT_DELETE_DURATION=0

:::

View source

`storeUserIps`

Type: boolean
Default value: false
Since: 3.1.0

Whether user IP addresses should be stored/logged by the system.

::: code

php

->storeUserIps(true)

shell

CRAFT_STORE_USER_IPS=1

:::

View source

`testToEmailAddress`

Type: string, array, null, false
Default value: null

Configures Craft to send all system emails to either a single email address or an array of email addresses for testing purposes.

By default, the recipient name(s) will be “Test Recipient”, but you can customize that by setting the value with the format ['me@domain.tld' => 'Name'].

::: code

php

->testToEmailAddress('me@domain.tld')

shell

CRAFT_TEST_TO_EMAIL_ADDRESS=me@domain.tld

:::

View source

`timezone`

Type: string, null
Default value: null

The timezone of the site. If set, it will take precedence over the Timezone setting in Settings → General.

This can be set to one of PHP’s supported timezones.

::: code

php

->timezone('Europe/London')

shell

CRAFT_TIMEZONE=Europe/London

:::

View source

`tokenParam`

Type: string
Default value: 'token'

The query string parameter name that Craft tokens should be set to.

::: code

php

->tokenParam('t')

shell

CRAFT_TOKEN_PARAM=t

:::

View source

`transformGifs`

Type: boolean
Default value: true
Since: 3.0.7

Whether GIF files should be cleansed/transformed.

::: code

php

->transformGifs(false)

shell

CRAFT_TRANSFORM_GIFS=false

:::

View source

`transformSvgs`

Type: boolean
Default value: true
Since: 3.7.1

Whether SVG files should be transformed.

::: code

php

->transformSvgs(false)

shell

CRAFT_TRANSFORM_SVGS=false

:::

View source

`translationDebugOutput`

Type: boolean
Default value: false

Whether translated messages should be wrapped in special characters to help find any strings that are not being run through Craft::t() or the |translate filter.

::: code

php

->translationDebugOutput(true)

shell

CRAFT_TRANSLATION_DEBUG_OUTPUT=1

:::

View source

`trustedHosts`

Type: array
Default value: [ 'any', ]

The configuration for trusted security-related headers.

See yii\web\Request::$trustedHosts for more details.

By default, all hosts are trusted.

::: code

php

->trustedHosts(['trusted-one.foo', 'trusted-two.foo'])

shell

CRAFT_TRUSTED_HOSTS=trusted-one.foo,trusted-two.foo

:::

View source

`upscaleImages`

Type: boolean
Default value: true
Since: 3.4.0

Whether image transforms should allow upscaling by default, for images that are smaller than the transform dimensions.

::: code

php

->upscaleImages(false)

shell

CRAFT_UPSCALE_IMAGES=false

:::

View source

`useEmailAsUsername`

Type: boolean
Default value: false

Whether Craft should set users’ usernames to their email addresses, rather than let them set their username separately.

If you enable this setting after user accounts already exist, run this terminal command to update existing usernames:

bash

php craft utils/update-usernames

::: code

php

->useEmailAsUsername(true)

shell

CRAFT_USE_EMAIL_AS_USERNAME=1

:::

View source

`useFileLocks`

Type: boolean, null
Default value: null

Whether to grab an exclusive lock on a file when writing to it by using the LOCK_EX flag.

Some file systems, such as NFS, do not support exclusive file locking.

If null, Craft will try to detect if the underlying file system supports exclusive file locking and cache the results.

::: code

php

->useFileLocks(false)

shell

CRAFT_USE_FILE_LOCKS=false

:::

View source

`useIframeResizer`

Type: boolean
Default value: false
Since: 3.5.5

Whether iFrame Resizer options should be used for Live Preview.

Using iFrame Resizer makes it possible for Craft to retain the preview’s scroll position between page loads, for cross-origin web pages.

It works by setting the height of the iframe to match the height of the inner web page, and the iframe’s container will be scrolled rather than the iframe document itself. This can lead to some unexpected CSS issues, however, because the previewed viewport height will be taller than the visible portion of the iframe.

If you have a decoupled front end, you will need to include iframeResizer.contentWindow.min.js on your page as well for this to work. You can conditionally include it for only Live Preview requests by checking if the requested URL contains a x-craft-live-preview query string parameter.

TIP

You can customize the behavior of iFrame Resizer via the config4:previewIframeResizerOptions config setting.

::: code

php

->useIframeResizer(true)

shell

CRAFT_USE_IFRAME_RESIZER=1

:::

View source

`usePathInfo`

Type: boolean
Default value: false

Whether Craft should specify the path using PATH_INFO or as a query string parameter when generating URLs.

This setting only takes effect if config4:omitScriptNameInUrls is set to false.

::: code

php

->usePathInfo(true)

shell

CRAFT_USE_PATH_INFO=1

:::

View source

`useSecureCookies`

Type: boolean, string
Default value: 'auto'

Whether Craft will set the “secure” flag when saving cookies when using Craft::cookieConfig() to create a cookie.

Valid values are true, false, and 'auto'. Defaults to 'auto', which will set the secure flag if the page you’re currently accessing is over https://. true will always set the flag, regardless of protocol and false will never automatically set the flag.

::: code

php

->useSecureCookies(true)

shell

CRAFT_USE_SECURE_COOKIES=1

:::

View source

`useSslOnTokenizedUrls`

Type: boolean, string
Default value: 'auto'

Determines what protocol/schema Craft will use when generating tokenized URLs. If set to 'auto', Craft will check the current site’s base URL and the protocol of the current request and if either of them are HTTPS will use https in the tokenized URL. If not, will use http.

If set to false, Craft will always use http. If set to true, then, Craft will always use https.

::: code

php

->useSslOnTokenizedUrls(true)

shell

CRAFT_USE_SSL_ON_TOKENIZED_URLS=1

:::

View source

`userSessionDuration`

Type: mixed
Default value: 3600 (1 hour)

The amount of time before a user will get logged out due to inactivity.

Set to 0 if you want users to stay logged in as long as their browser is open rather than a predetermined amount of time.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

::: code

php

// 3 hours
->userSessionDuration(10800)

shell

# 3 hours
CRAFT_USER_SESSION_DURATION=10800

:::

View source

`verificationCodeDuration`

Type: mixed
Default value: 86400 (1 day)

The amount of time a user verification code can be used before expiring.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

::: code

php

// 1 hour
->verificationCodeDuration(3600)

shell

# 1 hour
CRAFT_VERIFICATION_CODE_DURATION=3600

:::

View source

`verifyEmailPath`

Type: mixed
Default value: 'verifyemail'
Since: 3.4.0

The URI or URL that Craft should use for email verification links on the front end.

This setting is ignored when config4:headlessMode is enabled, unless it’s set to an absolute URL.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

::: code

php

->verifyEmailPath('verify-email')

shell

CRAFT_VERIFY_EMAIL_PATH=verify-email

:::

`verifyEmailSuccessPath`

Type: mixed
Default value: ''
Since: 3.1.20

The URI that users without access to the control panel should be redirected to after verifying a new email address.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

::: code

php

->verifyEmailSuccessPath('verified-email')

shell

CRAFT_VERIFY_EMAIL_SUCCESS_PATH=verified-email

:::

Protected Properties

Property	Description
filename	string, null – The config filename
renamedSettings

`filename`

Type: string, null
Default value: \craft\services\Config::CATEGORY_GENERAL

The config filename

View source

`renamedSettings`

Default value: [ 'activateAccountFailurePath' => 'invalidUserTokenPath', 'allowAutoUpdates' => 'allowUpdates', 'backupDbOnUpdate' => 'backupOnUpdate', 'defaultFilePermissions' => 'defaultFileMode', 'defaultFolderPermissions' => 'defaultDirMode', 'enableGraphQlCaching' => 'enableGraphqlCaching', 'environmentVariables' => 'aliases', 'isSystemOn' => 'isSystemLive', 'restoreDbOnUpdateFailure' => 'restoreOnUpdateFailure', 'useWriteFileLock' => 'useFileLocks', 'validationKey' => 'securityKey', ]

View source

Public Methods

Method	Description
__call()	Calls the named method which is not a class method.
__clone()
__construct()
__get()	Returns the value of a component property.
__isset()	Checks if a property is set, i.e. defined and not null.
__set()	Sets the value of a component property.
__unset()	Sets a component property to be null.
accessibilityDefaults()	The default user accessibility preferences that should be applied to users that haven’t saved their preferences yet.
actionTrigger()	The URI segment Craft should look for when determining if the current request should be routed to a controller action.
activateAccountSuccessPath()	The URI that users without access to the control panel should be redirected to after activating their account.
activeAttributes()	Returns the attribute names that are subject to validation in the current scenario.
addError()	Adds a new error to the specified attribute.
addErrors()	Adds a list of errors.
addModelErrors()	Adds errors from another model, with a given attribute name prefix.
addTrailingSlashesToUrls()	Whether auto-generated URLs should have trailing slashes.
afterValidate()	This method is invoked after validation ends.
aliases()	Any custom Yii aliases that should be defined for every request.
allowAdminChanges()	Whether admins should be allowed to make administrative changes to the system.
allowSimilarTags()	Whether users should be allowed to create similarly-named tags.
allowUpdates()	Whether Craft should allow system and plugin updates in the control panel, and plugin installation from the Plugin Store.
allowUppercaseInSlug()	Whether uppercase letters should be allowed in slugs.
allowedFileExtensions()	The file extensions Craft should allow when a user is uploading files.
allowedGraphqlOrigins()	The Ajax origins that should be allowed to access the GraphQL API, if enabled.
attachBehavior()	Attaches a behavior to this component.
attachBehaviors()	Attaches a list of behaviors to the component.
attributeHints()	Returns the attribute hints.
attributeLabels()	Returns the attribute labels.
attributes()	Returns the list of attribute names.
autoLoginAfterAccountActivation()	Whether users should automatically be logged in after activating their account or resetting their password.
backupCommand()	The shell command that Craft should execute to create a database backup.
backupOnUpdate()	Whether Craft should create a database backup before applying a new system update.
baseCpUrl()	The base URL Craft should use when generating control panel URLs.
beforeValidate()	This method is invoked before validation starts.
behaviors()	Returns a list of behaviors that this component should behave as.
blowfishHashCost()	The higher the cost value, the longer it takes to generate a password hash and to verify against it.
brokenImagePath()	The server path to an image file that should be sent when responding to an image request with a 404 status code.
buildId()	A unique ID representing the current build of the codebase.
cacheDuration()	The default length of time Craft will store data, RSS feed, and template caches.
canGetProperty()	Returns a value indicating whether a property can be read.
canSetProperty()	Returns a value indicating whether a property can be set.
className()	Returns the fully qualified name of this class.
clearErrors()	Removes errors for all attributes or a single attribute.
convertFilenamesToAscii()	Whether uploaded filenames with non-ASCII characters should be converted to ASCII (i.e. `ñ` → `n`).
cooldownDuration()	The amount of time a user must wait before re-attempting to log in after their account is locked due to too many failed login attempts.
cpHeadTags()	List of additional HTML tags that should be included in the `<head>` of control panel pages.
cpTrigger()	The URI segment Craft should look for when determining if the current request should route to the control panel rather than the front-end website.
create()	Factory method for creating new config objects.
createValidators()	Creates validator objects based on the validation rules specified in rules().
csrfTokenName()	The name of CSRF token used for CSRF validation if config4:enableCsrfProtection is set to `true`.
datetimeAttributes()	Returns the names of any attributes that should hold DateTime values.
defaultCookieDomain()	The domain that cookies generated by Craft should be created for. If blank, it will be left up to the browser to determine which domain to use (almost always the current). If you want the cookies to work for all subdomains, for example, you could set this to `'.my-project.tld'`.
defaultCountryCode()	The two-letter country code that addresses will be set to by default.
defaultCpLanguage()	The default language the control panel should use for users who haven’t set a preferred language yet.
defaultCpLocale()	The default locale the control panel should use for date/number formatting, for users who haven’t set a preferred language or formatting locale.
defaultDirMode()	The default permission to be set for newly-generated directories.
defaultFileMode()	The default permission to be set for newly-generated files.
defaultImageQuality()	The quality level Craft will use when saving JPG and PNG files. Ranges from 1 (worst quality, smallest file) to 100 (best quality, biggest file).
defaultSearchTermOptions()	The default options that should be applied to each search term.
defaultTemplateExtensions()	The template file extensions Craft will look for when matching a template path to a file on the front end.
defaultTokenDuration()	The default amount of time tokens can be used before expiring.
defaultWeekStartDay()	The default day new users should have set as their Week Start Day.
deferPublicRegistrationPassword()	By default, Craft requires a front-end “password” field for public user registrations. Setting this to `true` removes that requirement for the initial registration form.
detachBehavior()	Detaches a behavior from the component.
detachBehaviors()	Detaches all behaviors from the component.
devMode()	Whether the system should run in Dev Mode.
disableGraphqlTransformDirective()	Whether the `transform` directive should be disabled for the GraphQL API.
disabledPlugins()	Array of plugin handles that should be disabled, regardless of what the project config says.
disabledUtilities()	Array of utility IDs that should be disabled.
disallowRobots()	Whether front end requests should respond with `X-Robots-Tag: none` HTTP headers, indicating that pages should not be indexed, and links on the page should not be followed, by web crawlers.
elevatedSessionDuration()	The amount of time a user’s elevated session will last, which is required for some sensitive actions (e.g. user group/permission assignment).
enableBasicHttpAuth()	Whether front-end web requests should support basic HTTP authentication.
enableCsrfCookie()	Whether to use a cookie to persist the CSRF token if config4:enableCsrfProtection is enabled. If false, the CSRF token will be stored in session under the `csrfTokenName` config setting name. Note that while storing CSRF tokens in session increases security, it requires starting a session for every page that a CSRF token is needed, which may degrade site performance.
enableCsrfProtection()	Whether to enable CSRF protection via hidden form inputs for all forms submitted via Craft.
enableGql()	Whether the GraphQL API should be enabled.
enableGraphqlCaching()	Whether Craft should cache GraphQL queries.
enableGraphqlIntrospection()	Whether GraphQL introspection queries are allowed. Defaults to `true` and is always allowed in the control panel.
enableTemplateCaching()	Whether to enable Craft’s template `{% cache %}` tag on a global basis.
ensureBehaviors()	Makes sure that the behaviors declared in behaviors() are attached to this component.
errorTemplatePrefix()	The prefix that should be prepended to HTTP error status codes when determining the path to look for an error’s template.
extraAllowedFileExtensions()	List of file extensions that will be merged into the config4:allowedFileExtensions config setting.
extraAppLocales()	List of extra locale IDs that the application should support, and users should be able to select as their Preferred Language.
extraFields()	Returns the list of fields that can be expanded further and returned by toArray().
extraFileKinds()	List of additional file kinds Craft should support. This array will get merged with the one defined in `\craft\helpers\Assets::_buildFileKinds()`.
extraLastNamePrefixes()	Any additional last name prefixes that should be supported by the name parser.
extraNameSalutations()	Any additional name salutations that should be supported by the name parser.
extraNameSuffixes()	Any additional name suffixes that should be supported by the name parser.
fields()	Returns the list of fields that should be returned by default by toArray() when no specific fields are specified.
filenameWordSeparator()	The string to use to separate words when uploading assets. If set to `false`, spaces will be left alone.
formName()	Returns the form name that this model class should use.
generateAttributeLabel()	Generates a user friendly attribute label based on the give attribute name.
generateTransformsBeforePageLoad()	Whether image transforms should be generated before page load.
getActivateAccountSuccessPath()	Returns the localized Activate Account Success Path value.
getActiveValidators()	Returns the validators applicable to the current scenario.
getAttributeHint()	Returns the text hint for the specified attribute.
getAttributeLabel()	Returns the text label for the specified attribute.
getAttributes()	Returns attribute values.
getBackupOnUpdate()	Returns whether the DB should be backed up before running new migrations.
getBehavior()	Returns the named behavior object.
getBehaviors()	Returns all behaviors attached to this component.
getErrorSummary()	Returns the errors for all attributes as a one-dimensional array.
getErrors()	Returns the errors for all attributes or a single attribute.
getFirstError()	Returns the first error of the specified attribute.
getFirstErrors()	Returns the first error of every attribute in the model.
getInvalidUserTokenPath()	Returns the localized Invalid User Token Path value.
getIterator()	Returns an iterator for traversing the attributes in the model.
getLoginPath()	Returns the localized Login Path value.
getLogoutPath()	Returns the localized Logout Path value.
getPageTrigger()	Returns the normalized page trigger.
getPostCpLoginRedirect()	Returns the localized Post-Login Redirect path for the control panel.
getPostLoginRedirect()	Returns the localized Post-Login Redirect path.
getPostLogoutRedirect()	Returns the localized Post-Logout Redirect path.
getRememberedUserSessionDuration()	Returns the remembered user session duration as a DateInterval object, if it’s set.
getScenario()	Returns the scenario that this model is used in.
getSetPasswordPath()	Returns the localized Set Password Path value.
getSetPasswordRequestPath()	Returns the localized Set Password Request Path value.
getSetPasswordSuccessPath()	Returns the localized Set Password Success Path value.
getTestToEmailAddress()	Returns the normalized test email addresses.
getValidators()	Returns all the validators declared in rules().
getVerifyEmailPath()	Returns the localized Verify Email Path value.
getVerifyEmailSuccessPath()	Returns the localized Verify Email Success Path value.
gqlTypePrefix()	Prefix to use for all type names returned by GraphQL.
handleCasing()	The casing to use for autogenerated component handles.
hasErrors()	Returns a value indicating whether there is any validation error.
hasEventHandlers()	Returns a value indicating whether there is any handler attached to the named event.
hasMethod()	Returns a value indicating whether a method is defined.
hasProperty()	Returns a value indicating whether a property is defined for this component.
headlessMode()	Whether the system should run in Headless Mode, which optimizes the system and control panel for headless CMS implementations.
httpProxy()	The proxy server that should be used for outgoing HTTP requests.
imageDriver()	The image driver Craft should use to cleanse and transform images. By default Craft will use ImageMagick if it’s installed and otherwise fall back to GD. You can explicitly set either `'imagick'` or `'gd'` here to override that behavior.
imageEditorRatios()	An array containing the selectable image aspect ratios for the image editor. The array must be in the format of `label` => `ratio`, where ratio must be a float or a string. For string values, only values of “none” and “original” are allowed.
indexTemplateFilenames()	The template filenames Craft will look for within a directory to represent the directory’s “index” template when matching a template path to a file on the front end.
init()	Initializes the object.
instance()	Returns static class instance, which can be used to obtain meta information.
invalidLoginWindowDuration()	The amount of time to track invalid login attempts for a user, for determining if Craft should lock an account.
invalidUserTokenPath()	The URI Craft should redirect to when user token validation fails. A token is used on things like setting and resetting user account passwords. Note that this only affects front-end site requests.
ipHeaders()	List of headers where proxies store the real client IP.
isAttributeActive()	Returns a value indicating whether the attribute is active in the current scenario.
isAttributeRequired()	Returns a value indicating whether the attribute is required.
isAttributeSafe()	Returns a value indicating whether the attribute is safe for massive assignments.
isSystemLive()	Whether the site is currently live. If set to `true` or `false`, it will take precedence over the System Status setting in Settings → General.
limitAutoSlugsToAscii()	Whether non-ASCII characters in auto-generated slugs should be converted to ASCII (i.e. ñ → n).
load()	Populates the model with input data.
loadMultiple()	Populates a set of models with the data from end user.
loginPath()	The URI Craft should use for user login on the front end.
logoutPath()	The URI Craft should use for user logout on the front end.
maxBackups()	The number of backups Craft should make before it starts deleting the oldest backups. If set to `false`, Craft will not delete any backups.
maxCachedCloudImageSize()	The maximum dimension size to use when caching images from external sources to use in transforms. Set to `0` to never cache them.
maxGraphqlBatchSize()	The maximum allowed GraphQL queries that can be executed in a single batched request. Set to `0` to allow any number of queries.
maxGraphqlComplexity()	The maximum allowed complexity a GraphQL query is allowed to have. Set to `0` to allow any complexity.
maxGraphqlDepth()	The maximum allowed depth a GraphQL query is allowed to reach. Set to `0` to allow any depth.
maxGraphqlResults()	The maximum allowed results for a single GraphQL query. Set to `0` to disable any limits.
maxInvalidLogins()	The number of invalid login attempts Craft will allow within the specified duration before the account gets locked.
maxRevisions()	The maximum number of revisions that should be stored for each element.
maxSlugIncrement()	The highest number Craft will tack onto a slug in order to make it unique before giving up and throwing an error.
maxUploadFileSize()	The maximum upload file size allowed.
off()	Detaches an existing event handler from this component.
offsetExists()	Returns whether there is an element at the specified offset.
offsetGet()	Returns the element at the specified offset.
offsetSet()	Sets the element at the specified offset.
offsetUnset()	Sets the element value at the specified offset to null.
omitScriptNameInUrls()	Whether generated URLs should omit `index.php` (e.g. `http://my-project.tld/path` instead of `http://my-project.tld/index.php/path`)
on()	Attaches an event handler to an event.
onUnsafeAttribute()	This method is invoked when an unsafe attribute is being massively assigned.
optimizeImageFilesize()	Whether Craft should optimize images for reduced file sizes without noticeably reducing image quality. (Only supported when ImageMagick is used.)
pageTrigger()	The string preceding a number which Craft will look for when determining if the current request is for a particular page in a paginated list of pages.
pathParam()	The query string param that Craft will check when determining the request’s path.
permissionsPolicyHeader()	The `Permissions-Policy` header that should be sent for web responses.
phpMaxMemoryLimit()	The maximum amount of memory Craft will try to reserve during memory-intensive operations such as zipping, unzipping and updating. Defaults to an empty string, which means it will use as much memory as it can.
phpSessionName()	The name of the PHP session cookie.
postCpLoginRedirect()	The path users should be redirected to after logging into the control panel.
postLoginRedirect()	The path users should be redirected to after logging in from the front-end site.
postLogoutRedirect()	The path that users should be redirected to after logging out from the front-end site.
prefixGqlRootTypes()	Whether the config4:gqlTypePrefix config setting should have an impact on `query`, `mutation`, and `subscription` types.
preloadSingles()	Whether Single section entries should be preloaded for Twig templates.
preserveCmykColorspace()	Whether CMYK should be preserved as the colorspace when manipulating images.
preserveExifData()	Whether the EXIF data should be preserved when manipulating and uploading images.
preserveImageColorProfiles()	Whether the embedded Image Color Profile (ICC) should be preserved when manipulating images.
preventUserEnumeration()	When `true`, Craft will always return a successful response in the “forgot password” flow, making it difficult to enumerate users.
previewIframeResizerOptions()	Custom iFrame Resizer options that should be used for preview iframes.
previewTokenDuration()	The amount of time content preview tokens can be used before expiring.
privateTemplateTrigger()	The template path segment prefix that should be used to identify “private” templates, which are templates that are not directly accessible via a matching URL.
purgePendingUsersDuration()	The amount of time to wait before Craft purges pending users from the system that have not activated.
purgeStaleUserSessionDuration()	The amount of time to wait before Craft purges stale user sessions from the sessions table in the database.
purgeUnsavedDraftsDuration()	The amount of time to wait before Craft purges unpublished drafts that were never updated with content.
rasterizeSvgThumbs()	Whether SVG thumbnails should be rasterized.
rememberUsernameDuration()	The amount of time Craft will remember a username and pre-populate it on the control panel’s Login page.
rememberedUserSessionDuration()	The amount of time a user stays logged if “Remember Me” is checked on the login page.
requireMatchingUserAgentForSession()	Whether Craft should require a matching user agent string when restoring a user session from a cookie.
requireUserAgentAndIpForSession()	Whether Craft should require the existence of a user agent string and IP address when creating a new user session.
resourceBasePath()	The path to the root directory that should store published control panel resources.
resourceBaseUrl()	The URL to the root directory that should store published control panel resources.
restoreCommand()	The shell command Craft should execute to restore a database backup.
revAssetUrls()	Whether asset URLs should be revved so browsers don’t load cached versions when they’re modified.
rotateImagesOnUploadByExifData()	Whether Craft should rotate images according to their EXIF data on upload.
rules()	Returns the validation rules for attributes.
runQueueAutomatically()	Whether Craft should run pending queue jobs automatically when someone visits the control panel.
safeAttributes()	Returns the attribute names that are safe to be massively assigned in the current scenario.
sameSiteCookieValue()	The SameSite value that should be set on Craft cookies, if any.
sanitizeCpImageUploads()	Whether images uploaded via the control panel should be sanitized.
sanitizeSvgUploads()	Whether Craft should sanitize uploaded SVG files and strip out potential malicious-looking content.
scenarios()	Returns a list of scenarios and the corresponding active attributes.
secureHeaders()	Lists of headers that are, by default, subject to the trusted host configuration.
secureProtocolHeaders()	List of headers to check for determining whether the connection is made via HTTPS.
securityKey()	A private, random, cryptographically-secure key that is used for hashing and encrypting data in craft\services\Security.
sendContentLengthHeader()	Whether a `Content-Length` header should be sent with responses.
sendPoweredByHeader()	Whether an `X-Powered-By: Craft CMS` header should be sent, helping services like BuiltWith and Wappalyzer identify that the site is running on Craft.
setAttributes()	Sets the attribute values in a massive way.
setGraphqlDatesToSystemTimeZone()	Whether dates returned by the GraphQL API should be set to the system time zone by default, rather than UTC.
setPasswordPath()	The URI or URL that Craft should use for Set Password forms on the front end.
setPasswordRequestPath()	The URI to the page where users can request to change their password.
setPasswordSuccessPath()	The URI Craft should redirect users to after setting their password from the front end.
setScenario()	Sets the scenario for the model.
showFirstAndLastNameFields()	Whether “First Name” and “Last Name” fields should be shown in place of “Full Name” fields.
siteToken()	The query string parameter name that site tokens should be set to.
slugWordSeparator()	The character(s) that should be used to separate words in slugs.
softDeleteDuration()	The amount of time before a soft-deleted item will be up for hard-deletion by garbage collection.
storeUserIps()	Whether user IP addresses should be stored/logged by the system.
testToEmailAddress()	Configures Craft to send all system emails to either a single email address or an array of email addresses for testing purposes.
timezone()	The timezone of the site. If set, it will take precedence over the Timezone setting in Settings → General.
toArray()	Converts the model into an array.
tokenParam()	The query string parameter name that Craft tokens should be set to.
transformGifs()	Whether GIF files should be cleansed/transformed.
transformSvgs()	Whether SVG files should be transformed.
translationDebugOutput()	Whether translated messages should be wrapped in special characters to help find any strings that are not being run through `Craft::t()` or the `
trigger()	Triggers an event.
trustedHosts()	The configuration for trusted security-related headers.
upscaleImages()	Whether image transforms should allow upscaling by default, for images that are smaller than the transform dimensions.
useEmailAsUsername()	Whether Craft should set users’ usernames to their email addresses, rather than let them set their username separately.
useFileLocks()	Whether to grab an exclusive lock on a file when writing to it by using the `LOCK_EX` flag.
useIframeResizer()	Whether iFrame Resizer options should be used for Live Preview.
usePathInfo()	Whether Craft should specify the path using `PATH_INFO` or as a query string parameter when generating URLs.
useSecureCookies()	Whether Craft will set the “secure” flag when saving cookies when using `Craft::cookieConfig()` to create a cookie.
useSslOnTokenizedUrls()	Determines what protocol/schema Craft will use when generating tokenized URLs. If set to `'auto'`, Craft will check the current site’s base URL and the protocol of the current request and if either of them are HTTPS will use `https` in the tokenized URL. If not, will use `http`.
userSessionDuration()	The amount of time before a user will get logged out due to inactivity.
validate()	Performs the data validation.
validateMultiple()	Validates multiple models.
verificationCodeDuration()	The amount of time a user verification code can be used before expiring.
verifyEmailPath()	The URI or URL that Craft should use for email verification links on the front end.
verifyEmailSuccessPath()	The URI that users without access to the control panel should be redirected to after verifying a new email address.

`__set()`

Sets the value of a component property.

This method will check in the following order and act accordingly:

a property defined by a setter: set the property value
an event in the format of "on xyz": attach the handler to the event "xyz"
a behavior in the format of "as xyz": attach the behavior named as "xyz"
a property of a behavior: set the behavior property value

Do not call this method directly as it is a PHP magic method that will be implicitly called when executing $component->property = $value;.

View source

Arguments

$name (string) – The property name or the event name
$value (mixed) – The property value

Throws

yii\base\UnknownPropertyException
if the property is not defined
yii\base\InvalidCallException
if the property is read-only.

`accessibilityDefaults()`

Since: 4.2.0

The default user accessibility preferences that should be applied to users that haven’t saved their preferences yet.

The array can contain the following keys:

alwaysShowFocusRings - Whether focus rings should always be shown when an element has focus.
useShapes – Whether shapes should be used to represent statuses.
underlineLinks – Whether links should be underlined.
notificationDuration – How long notifications should be shown before they disappear automatically (in milliseconds). Set to 0 to show them indefinitely.

php

->accessibilityDefaults([
    'useShapes' => true,
])

View source

Arguments

$value (array)

Returns

self

`actionTrigger()`

Since: 4.2.0

The URI segment Craft should look for when determining if the current request should be routed to a controller action.

php

->actionTrigger('do-it')

View source

Arguments

$value (string)

Returns

self

`activateAccountSuccessPath()`

Since: 4.2.0

The URI that users without access to the control panel should be redirected to after activating their account.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

php

->activateAccountSuccessPath('welcome')

Arguments

$value (mixed)

Returns

self

`addTrailingSlashesToUrls()`

Since: 4.2.0

Whether auto-generated URLs should have trailing slashes.

php

->addTrailingSlashesToUrls(true)

View source

Arguments

$value (boolean)

Returns

self

`aliases()`

Since: 4.2.0

Any custom Yii aliases that should be defined for every request.

php

->aliases([
    '@webroot' => '/var/www/',
])

View source

Arguments

$value (array)

Returns

self

`allowAdminChanges()`

Since: 4.2.0

Whether admins should be allowed to make administrative changes to the system.

It’s best to disable this in production environments with a deployment workflow that runs composer install and propagates project config updates on deploy.

WARNING

Don’t disable this setting until all environments have been updated to Craft 3.1.0 or later.

php

->allowAdminChanges(false)

View source

Arguments

$value (boolean)

Returns

self

`allowSimilarTags()`

Since: 4.2.0

Whether users should be allowed to create similarly-named tags.

php

->allowSimilarTags(true)

View source

Arguments

$value (boolean)

Returns

self

`allowUpdates()`

Since: 4.2.0

Whether Craft should allow system and plugin updates in the control panel, and plugin installation from the Plugin Store.

This setting will automatically be disabled if config4:allowAdminChanges is disabled.

php

->allowUpdates(false)

View source

Arguments

$value (boolean)

Returns

self

`allowUppercaseInSlug()`

Since: 4.2.0

Whether uppercase letters should be allowed in slugs.

php

->allowUppercaseInSlug(true)

View source

Arguments

$value (boolean)

Returns

self

`allowedFileExtensions()`

Since: 4.2.0

The file extensions Craft should allow when a user is uploading files.

php

// Nothing bug GIFs!
->allowedFileExtensions([
    'gif',
])

View source

Arguments

$value (string[])

Returns

self

`allowedGraphqlOrigins()`

Since: 4.2.0

The Ajax origins that should be allowed to access the GraphQL API, if enabled.

If this is set to an array, then graphql/api requests will only include the current request’s origin in the Access-Control-Allow-Origin response header if it’s listed here.

If this is set to false, then the Access-Control-Allow-Origin response header will never be sent.

php

->allowedGraphqlOrigins(false)

View source

Arguments

$value (array, null, false)

Returns

self

`autoLoginAfterAccountActivation()`

Since: 4.2.0

Whether users should automatically be logged in after activating their account or resetting their password.

php

->autoLoginAfterAccountActivation(true)

View source

Arguments

$value (boolean)

Returns

self

`backupCommand()`

Since: 4.2.0

The shell command that Craft should execute to create a database backup.

When set to null (default), Craft will run mysqldump or pg_dump, provided that those libraries are in the $PATH variable for the system user running the web server.

You may provide your own command, which can include several tokens Craft will substitute at runtime:

{file} - the target backup file path
{port} - the current database port
{server} - the current database hostname
{user} - user that was used to connect to the database
{password} - password for the specified {user}
{database} - the current database name
{schema} - the current database schema (if any)

This can also be set to false to disable database backups completely.

php

->backupCommand(false)

View source

Arguments

$value (string, null, false)

Returns

self

`backupOnUpdate()`

Since: 4.2.0

Whether Craft should create a database backup before applying a new system update.

php

->backupOnUpdate(false)

View source

Arguments

$value (boolean)

Returns

self

`baseCpUrl()`

Since: 4.2.0

The base URL Craft should use when generating control panel URLs.

It will be determined automatically if left blank.

TIP

The base control panel URL should not include the control panel trigger word (e.g. /admin).

php

->baseCpUrl('https://cms.my-project.tld/')

View source

Arguments

$value (string, null)

Returns

self

`blowfishHashCost()`

Since: 4.2.0

The higher the cost value, the longer it takes to generate a password hash and to verify against it.

Therefore, higher cost slows down a brute-force attack.

For best protection against brute force attacks, set it to the highest value that is tolerable on production servers.

The time taken to compute the hash doubles for every increment by one for this value.

For example, if the hash takes 1 second to compute when the value is 14 then the compute time varies as 2^(value - 14) seconds.

php

->blowfishHashCost(15)

View source

Arguments

$value (integer)

Returns

self

`brokenImagePath()`

Since: 4.2.0

The server path to an image file that should be sent when responding to an image request with a 404 status code.

This can be set to an aliased path such as @webroot/assets/404.svg.

php

->brokenImagePath('@webroot/assets/404.svg')

View source

Arguments

$value (string, null)

Returns

self

`buildId()`

Since: 4.2.0

A unique ID representing the current build of the codebase.

This should be set to something unique to the deployment, e.g. a Git SHA or a deployment timestamp.

php

->buildId(\craft\helpers\App::env('GIT_SHA'))

View source

Arguments

$value (string, null)

Returns

self

`cacheDuration()`

Since: 4.2.0

The default length of time Craft will store data, RSS feed, and template caches.

If set to 0, data and RSS feed caches will be stored indefinitely; template caches will be stored for one year.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

php

->cacheDuration(0)

View source

Arguments

$value (mixed)

Returns

self

`convertFilenamesToAscii()`

Since: 4.2.0

Whether uploaded filenames with non-ASCII characters should be converted to ASCII (i.e. ñ → n).

TIP

You can run php craft utils/ascii-filenames in your terminal to apply ASCII filenames to all existing assets.

php

->convertFilenamesToAscii(false)

View source

Arguments

$value (boolean)

Returns

self

`cooldownDuration()`

Since: 4.2.0

The amount of time a user must wait before re-attempting to log in after their account is locked due to too many failed login attempts.

Set to 0 to keep the account locked indefinitely, requiring an admin to manually unlock the account.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

php

->cooldownDuration(0)

View source

Arguments

$value (mixed)

Returns

self

`cpHeadTags()`

Since: 4.2.0

List of additional HTML tags that should be included in the <head> of control panel pages.

Each tag can be specified as an array of the tag name and its attributes.

For example, you can give the control panel a custom favicon (etc.) like this:

php

->cpHeadTags([
    // Traditional favicon
    ['link', ['rel' => 'icon', 'href' => '/icons/favicon.ico']],
    // Scalable favicon for browsers that support them
    ['link', ['rel' => 'icon', 'type' => 'image/svg+xml', 'sizes' => 'any', 'href' => '/icons/favicon.svg']],
    // Touch icon for mobile devices
    ['link', ['rel' => 'apple-touch-icon', 'sizes' => '180x180', 'href' => '/icons/touch-icon.svg']],
    // Pinned tab icon for Safari
    ['link', ['rel' => 'mask-icon', 'href' => '/icons/mask-icon.svg', 'color' => '#663399']],
])

View source

Arguments

$value (array)

Returns

self

`cpTrigger()`

Since: 4.2.0

The URI segment Craft should look for when determining if the current request should route to the control panel rather than the front-end website.

php

define('CRAFT_CP', true);

(For example, if you have an assets/ folder, that would conflict with the /assets page in the control panel.)

php

->cpTrigger(null)

View source

Arguments

$value (string, null)

Returns

self

`csrfTokenName()`

Since: 4.2.0

The name of CSRF token used for CSRF validation if config4:enableCsrfProtection is set to true.

php

->csrfTokenName('MY_CSRF')

Arguments

$value (string)

Returns

self

`defaultCookieDomain()`

Since: 4.2.0

php

->defaultCookieDomain('.my-project.tld')

View source

Arguments

$value (string)

Returns

self

`defaultCountryCode()`

Since: 4.5.0

The two-letter country code that addresses will be set to by default.

See https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 for a list of acceptable country codes.

php

->defaultCountryCode('GB')

View source

Arguments

$value (string)

Returns

self

`defaultCpLanguage()`

Since: 4.2.0

The default language the control panel should use for users who haven’t set a preferred language yet.

php

->defaultCpLanguage('en-US')

View source

Arguments

$value (string, null)

Returns

self

Throws

yii\base\InvalidConfigException

`defaultCpLocale()`

Since: 4.2.0

The default locale the control panel should use for date/number formatting, for users who haven’t set a preferred language or formatting locale.

If this is null, the config4:defaultCpLanguage config setting will determine which locale is used for date/number formatting by default.

php

->defaultCpLocale('en-US')

View source

Arguments

$value (string, null)

Returns

self

`defaultDirMode()`

Since: 4.2.0

The default permission to be set for newly-generated directories.

If set to null, the permission will be determined by the current environment.

php

->defaultDirMode(0744)

View source

Arguments

$value (mixed)

Returns

self

`defaultFileMode()`

Since: 4.2.0

The default permission to be set for newly-generated files.

If set to null, the permission will be determined by the current environment.

php

->defaultFileMode(0744)

View source

Arguments

$value (integer, null)

Returns

self

`defaultImageQuality()`

Since: 4.2.0

The quality level Craft will use when saving JPG and PNG files. Ranges from 1 (worst quality, smallest file) to 100 (best quality, biggest file).

php

->defaultImageQuality(90)

View source

Arguments

$value (integer)

Returns

self

`defaultSearchTermOptions()`

Since: 4.2.0

The default options that should be applied to each search term.

Options include:

subLeft – Whether to include keywords that contain the term, with additional characters before it. (false by default)
subRight – Whether to include keywords that contain the term, with additional characters after it. (true by default)
exclude – Whether search results should exclude records with this term. (false by default)
exact – Whether the term must be an exact match (only applies if the search term specifies an attribute). (false by default)

php

->defaultSearchTermOptions([
    'subLeft' => true,
    'exclude' => 'secret',
])

View source

Arguments

$value (array)

Returns

self

`defaultTemplateExtensions()`

Since: 4.2.0

The template file extensions Craft will look for when matching a template path to a file on the front end.

php

->defaultTemplateExtensions(['html', 'twig', 'txt'])

View source

Arguments

$value (array)

Returns

self

`defaultTokenDuration()`

Since: 4.2.0

The default amount of time tokens can be used before expiring.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

php

// One week
->defaultTokenDuration(604800)

View source

Arguments

$value (mixed)

Returns

self

`defaultWeekStartDay()`

Since: 4.2.0

The default day new users should have set as their Week Start Day.

This should be set to one of the following integers:

0 – Sunday
1 – Monday
2 – Tuesday
3 – Wednesday
4 – Thursday
5 – Friday
6 – Saturday

php

->defaultWeekStartDay(0)

View source

Arguments

$value (integer)

Returns

self

`deferPublicRegistrationPassword()`

Since: 4.2.0

By default, Craft requires a front-end “password” field for public user registrations. Setting this to true removes that requirement for the initial registration form.

php

->deferPublicRegistrationPassword(true)

View source

Arguments

$value (boolean)

Returns

self

`devMode()`

Since: 4.2.0

Whether the system should run in Dev Mode.

php

->devMode(true)

View source

Arguments

$value (boolean)

Returns

self

`disableGraphqlTransformDirective()`

Since: 4.2.0

Whether the transform directive should be disabled for the GraphQL API.

php

->disableGraphqlTransformDirective(true)

View source

Arguments

$value (boolean)

Returns

self

`disabledPlugins()`

Since: 4.2.0

Array of plugin handles that should be disabled, regardless of what the project config says.

php

->disabledPlugins([
    'webhooks',
])

This can also be set to '*' to disable all plugins.

php

->dev([
    'disabledPlugins' => '*',
])

WARNING

This should not be set on a per-environment basis, as it could result in plugin schema version mismatches between environments, which will prevent project config changes from getting applied.

php

->disabledPlugins(['redactor', 'webhooks'])

View source

Arguments

$value (string, array, null)

Returns

self

`disabledUtilities()`

Since: 4.6.0

Array of utility IDs that should be disabled.

::: code

php

 ->disabledUtilities([
     'updates',
     'find-replace',
 ])

shell

CRAFT_DISABLED_UTILITIES=updates,find-replace

:::

View source

Arguments

$value (string[])

Returns

self

`disallowRobots()`

Since: 4.2.0

Whether front end requests should respond with X-Robots-Tag: none HTTP headers, indicating that pages should not be indexed, and links on the page should not be followed, by web crawlers.

TIP

This should be set to true for development and staging environments.

php

->disallowRobots(true)

View source

Arguments

$value (boolean)

Returns

self

`elevatedSessionDuration()`

Since: 4.2.0

The amount of time a user’s elevated session will last, which is required for some sensitive actions (e.g. user group/permission assignment).

Set to 0 to disable elevated session support.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

php

->elevatedSessionDuration(0)

View source

Arguments

$value (mixed)

Returns

self

`enableBasicHttpAuth()`

Since: 4.2.0

Whether front-end web requests should support basic HTTP authentication.

php

->enableBasicHttpAuth(true)

View source

Arguments

$value (boolean)

Returns

self

`enableCsrfCookie()`

Since: 4.2.0

php

->enableCsrfCookie(false)

View source

Arguments

$value (boolean)

Returns

self

`enableCsrfProtection()`

Since: 4.2.0

Whether to enable CSRF protection via hidden form inputs for all forms submitted via Craft.

php

->enableCsrfProtection(false)

View source

Arguments

$value (boolean)

Returns

self

`enableGql()`

Since: 4.2.0

Whether the GraphQL API should be enabled.

The GraphQL API is only available for Craft Pro.

php

->enableGql(false)

View source

Arguments

$value (boolean)

Returns

self

`enableGraphqlCaching()`

Since: 4.2.0

Whether Craft should cache GraphQL queries.

This setting will have no effect if a plugin is using the craft\services\Gql::EVENT_BEFORE_EXECUTE_GQL_QUERY event to provide its own caching logic and setting the result property.

php

->enableGraphqlCaching(false)

View source

Arguments

$value (boolean)

Returns

self

`enableGraphqlIntrospection()`

Since: 4.2.0

Whether GraphQL introspection queries are allowed. Defaults to true and is always allowed in the control panel.

php

->enableGraphqlIntrospection(false)

View source

Arguments

$value (boolean)

Returns

self

`enableTemplateCaching()`

Since: 4.2.0

Whether to enable Craft’s template {% cache %} tag on a global basis.

php

->enableTemplateCaching(false)

Arguments

$value (boolean)

Returns

self

`errorTemplatePrefix()`

Since: 4.2.0

The prefix that should be prepended to HTTP error status codes when determining the path to look for an error’s template.

If set to '_' your site’s 404 template would live at templates/_404.twig, for example.

php

->errorTemplatePrefix('_')

View source

Arguments

$value (string)

Returns

self

`extraAllowedFileExtensions()`

Since: 4.2.0

List of file extensions that will be merged into the config4:allowedFileExtensions config setting.

php

->extraAllowedFileExtensions(['mbox', 'xml'])

View source

Arguments

$value (string[], null)

Returns

self

`extraAppLocales()`

Since: 4.2.0

List of extra locale IDs that the application should support, and users should be able to select as their Preferred Language.

php

->extraAppLocales(['uk'])

View source

Arguments

$value (string[], null)

Returns

self

Throws

yii\base\InvalidConfigException

`extraFileKinds()`

Since: 4.2.0

List of additional file kinds Craft should support. This array will get merged with the one defined in \craft\helpers\Assets::_buildFileKinds().

php

->extraFileKinds([
    // merge .psb into list of Photoshop file kinds
    'photoshop' => [
        'extensions' => ['psb'],
    ],
    // register new "Stylesheet" file kind
    'stylesheet' => [
        'label' => 'Stylesheet',
        'extensions' => ['css', 'less', 'pcss', 'sass', 'scss', 'styl'],
    ],
])

TIP

File extensions listed here won’t immediately be allowed to be uploaded. You will also need to list them with the config4:extraAllowedFileExtensions config setting.

View source

Arguments

$value (array)

Returns

self

`extraLastNamePrefixes()`

Since: 4.3.0

Any additional last name prefixes that should be supported by the name parser.

php

->extraLastNamePrefixes(['Dal', 'Van Der'])

View source

Arguments

$value (string[])

Returns

self

`extraNameSalutations()`

Since: 4.3.0

Any additional name salutations that should be supported by the name parser.

php

->extraNameSalutations(['Lady', 'Sire'])

View source

Arguments

$value (string[])

Returns

self

`extraNameSuffixes()`

Since: 4.3.0

Any additional name suffixes that should be supported by the name parser.

php

->extraNameSuffixes(['CCNA', 'OBE'])

View source

Arguments

$value (string[])

Returns

self

`filenameWordSeparator()`

Since: 4.2.0

The string to use to separate words when uploading assets. If set to false, spaces will be left alone.

php

->filenameWordSeparator(false)

View source

Arguments

$value (string, false)

Returns

self

`generateTransformsBeforePageLoad()`

Since: 4.2.0

Whether image transforms should be generated before page load.

php

->generateTransformsBeforePageLoad(true)

View source

Arguments

$value (boolean)

Returns

self

`getActivateAccountSuccessPath()`

Returns the localized Activate Account Success Path value.

Arguments

$siteHandle (string, null) – The site handle the value should be defined for. Defaults to the current site.

Returns

string

`getBackupOnUpdate()`

Returns whether the DB should be backed up before running new migrations.

View source

Returns

boolean

`getInvalidUserTokenPath()`

Returns the localized Invalid User Token Path value.

Arguments

$siteHandle (string, null) – The site handle the value should be defined for. Defaults to the current site.

Returns

string

`getLoginPath()`

Returns the localized Login Path value.

Arguments

$siteHandle (string, null) – The site handle the value should be defined for. Defaults to the current site.

Returns

mixed

`getLogoutPath()`

Returns the localized Logout Path value.

Arguments

$siteHandle (string, null) – The site handle the value should be defined for. Defaults to the current site.

Returns

mixed

`getPageTrigger()`

Since: 3.2.0

Returns the normalized page trigger.

Returns

string

`getPostCpLoginRedirect()`

Returns the localized Post-Login Redirect path for the control panel.

Returns

string

`getPostLoginRedirect()`

Returns the localized Post-Login Redirect path.

Arguments

$siteHandle (string, null) – The site handle the value should be defined for. Defaults to the current site.

Returns

string

`getPostLogoutRedirect()`

Returns the localized Post-Logout Redirect path.

Arguments

$siteHandle (string, null) – The site handle the value should be defined for. Defaults to the current site.

Returns

string

`getRememberedUserSessionDuration()`

Since: 4.2.1

Returns the remembered user session duration as a DateInterval object, if it’s set.

View source

Returns

DateInterval, null

`getSetPasswordPath()`

Returns the localized Set Password Path value.

Arguments

$siteHandle (string, null) – The site handle the value should be defined for. Defaults to the current site.

Returns

string

`getSetPasswordRequestPath()`

Since: 3.5.14

Returns the localized Set Password Request Path value.

Arguments

$siteHandle (string, null) – The site handle the value should be defined for. Defaults to the current site.

Returns

string, null

`getSetPasswordSuccessPath()`

Returns the localized Set Password Success Path value.

Arguments

$siteHandle (string, null) – The site handle the value should be defined for. Defaults to the current site.

Returns

string

`getTestToEmailAddress()`

Since: 3.5.0

Returns the normalized test email addresses.

View source

Returns

array

`getVerifyEmailPath()`

Since: 3.4.0

Returns the localized Verify Email Path value.

Arguments

$siteHandle (string, null) – The site handle the value should be defined for. Defaults to the current site.

Returns

string

`getVerifyEmailSuccessPath()`

Since: 3.1.20

Returns the localized Verify Email Success Path value.

Arguments

$siteHandle (string, null) – The site handle the value should be defined for. Defaults to the current site.

Returns

string

`gqlTypePrefix()`

Since: 4.2.0

Prefix to use for all type names returned by GraphQL.

php

->gqlTypePrefix('craft_')

View source

Arguments

$value (string)

Returns

self

`handleCasing()`

Since: 4.2.0

The casing to use for autogenerated component handles.

This can be set to one of the following:

camel – for camelCase
pascal – for PascalCase (aka UpperCamelCase)
snake – for snake_case

php

->handleCasing('pascal')

View source

Arguments

$value (string)

Returns

self

`headlessMode()`

Since: 4.2.0

Whether the system should run in Headless Mode, which optimizes the system and control panel for headless CMS implementations.

When this is enabled, the following changes will take place:

Template settings for sections and category groups will be hidden.
Template route management will be hidden.
Front-end routing will skip checks for element and template requests.
Front-end responses will be JSON-formatted rather than HTML by default.
Twig will be configured to escape unsafe strings for JavaScript/JSON rather than HTML by default for front-end requests.
The config4:loginPath, config4:logoutPath, config4:setPasswordPath, and config4:verifyEmailPath settings will be ignored.

TIP

php

->headlessMode(true)

View source

Arguments

$value (boolean)

Returns

self

`httpProxy()`

Since: 4.2.0

The proxy server that should be used for outgoing HTTP requests.

This can be set to a URL (http://localhost) or a URL plus a port (http://localhost:8125).

php

->httpProxy('http://localhost')

View source

Arguments

$value (string, null)

Returns

self

`imageDriver()`

Since: 4.2.0

php

->imageDriver('imagick')

View source

Arguments

$value (mixed)

Returns

self

`imageEditorRatios()`

Since: 4.2.0

php

->imageEditorRatios([
    'Unconstrained' => 'none',
    'Original' => 'original',
    'Square' => 1,
    'IMAX' => 1.9,
    'Widescreen' => 1.78,
])

View source

Arguments

$value (array)

Returns

self

`indexTemplateFilenames()`

Since: 4.2.0

The template filenames Craft will look for within a directory to represent the directory’s “index” template when matching a template path to a file on the front end.

php

->indexTemplateFilenames(['index', 'default'])

View source

Arguments

$value (string[])

Returns

self

`init()`

Initializes the object.

This method is invoked at the end of the constructor after the object is initialized with the given configuration.

View source

Throws

yii\base\InvalidConfigException

`invalidLoginWindowDuration()`

Since: 4.2.0

The amount of time to track invalid login attempts for a user, for determining if Craft should lock an account.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

php

// 1 day
->invalidLoginWindowDuration(86400)

View source

Arguments

$value (mixed)

Returns

self

`invalidUserTokenPath()`

Since: 4.2.0

The URI Craft should redirect to when user token validation fails. A token is used on things like setting and resetting user account passwords. Note that this only affects front-end site requests.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

php

// 1 day
->invalidUserTokenPath('nope')

View source

Arguments

$value (mixed)

Returns

self

`ipHeaders()`

Since: 4.2.0

List of headers where proxies store the real client IP.

See yii\web\Request::$ipHeaders for more details.

If not set, the default craft\web\Request::$ipHeaders value will be used.

php

->ipHeaders(['X-Forwarded-For', 'CF-Connecting-IP'])

View source

Arguments

$value (string[], null)

Returns

self

`isSystemLive()`

Since: 4.2.0

Whether the site is currently live. If set to true or false, it will take precedence over the System Status setting in Settings → General.

php

->isSystemLive(true)

View source

Arguments

$value (boolean, null)

Returns

self

`limitAutoSlugsToAscii()`

Since: 4.2.0

Whether non-ASCII characters in auto-generated slugs should be converted to ASCII (i.e. ñ → n).

TIP

This only affects the JavaScript auto-generated slugs. Non-ASCII characters can still be used in slugs if entered manually.

php

->limitAutoSlugsToAscii(true)

View source

Arguments

$value (boolean)

Returns

self

`loginPath()`

Since: 4.2.0

The URI Craft should use for user login on the front end.

This can be set to false to disable front-end login.

Note that this config setting is ignored when config4:headlessMode is enabled.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

php

->loginPath(false)

View source

Arguments

$value (mixed)

Returns

self

`logoutPath()`

Since: 4.2.0

The URI Craft should use for user logout on the front end.

This can be set to false to disable front-end logout.

Note that this config setting is ignored when config4:headlessMode is enabled.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

php

->logoutPath(false)

View source

Arguments

$value (mixed)

Returns

self

`maxBackups()`

Since: 4.2.0

The number of backups Craft should make before it starts deleting the oldest backups. If set to false, Craft will not delete any backups.

php

->maxBackups(5)

View source

Arguments

$value (integer, false)

Returns

self

`maxCachedCloudImageSize()`

Since: 4.2.0

The maximum dimension size to use when caching images from external sources to use in transforms. Set to 0 to never cache them.

php

->maxCachedCloudImageSize(0)

View source

Arguments

$value (integer)

Returns

self

`maxGraphqlBatchSize()`

Since: 4.5.5

The maximum allowed GraphQL queries that can be executed in a single batched request. Set to 0 to allow any number of queries.

php

->maxGraphqlBatchSize(500)

View source

Arguments

$value (integer)

Returns

self

`maxGraphqlComplexity()`

Since: 4.2.0

The maximum allowed complexity a GraphQL query is allowed to have. Set to 0 to allow any complexity.

php

->maxGraphqlComplexity(500)

View source

Arguments

$value (integer)

Returns

self

`maxGraphqlDepth()`

Since: 4.2.0

The maximum allowed depth a GraphQL query is allowed to reach. Set to 0 to allow any depth.

php

->maxGraphqlDepth(5)

View source

Arguments

$value (integer)

Returns

self

`maxGraphqlResults()`

Since: 4.2.0

The maximum allowed results for a single GraphQL query. Set to 0 to disable any limits.

php

->maxGraphqlResults(100)

View source

Arguments

$value (integer)

Returns

self

`maxInvalidLogins()`

Since: 4.2.0

The number of invalid login attempts Craft will allow within the specified duration before the account gets locked.

php

->maxInvalidLogins(3)

View source

Arguments

$value (integer, false)

Returns

self

`maxRevisions()`

Since: 4.2.0

The maximum number of revisions that should be stored for each element.

Set to 0 if you want to store an unlimited number of revisions.

php

->maxRevisions(25)

View source

Arguments

$value (integer, null)

Returns

self

`maxSlugIncrement()`

Since: 4.2.0

The highest number Craft will tack onto a slug in order to make it unique before giving up and throwing an error.

php

->maxSlugIncrement(10)

View source

Arguments

$value (integer)

Returns

self

`maxUploadFileSize()`

Since: 4.2.0

The maximum upload file size allowed.

See craft\helpers\ConfigHelper::sizeInBytes() for a list of supported value types.

php

// 25MB
->maxUploadFileSize(26214400)

View source

Arguments

$value (integer, string)

Returns

self

`omitScriptNameInUrls()`

Since: 4.2.0

Whether generated URLs should omit index.php (e.g. http://my-project.tld/path instead of http://my-project.tld/index.php/path)

This can only be possible if your server is configured to redirect would-be 404s to index.php, for example, with the redirect found in the .htaccess file that came with Craft:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.+) /index.php?p=$1 [QSA,L]

php

->omitScriptNameInUrls(true)

View source

Arguments

$value (boolean)

Returns

self

`optimizeImageFilesize()`

Since: 4.2.0

Whether Craft should optimize images for reduced file sizes without noticeably reducing image quality. (Only supported when ImageMagick is used.)

php

->optimizeImageFilesize(false)

View source

Arguments

$value (boolean)

Returns

self

`pageTrigger()`

Since: 4.2.0

The string preceding a number which Craft will look for when determining if the current request is for a particular page in a paginated list of pages.

Example Value	Example URI
`p`	`/news/p5`
`page`	`/news/page5`
`page/`	`/news/page/5`
`?page`	`/news?page=5`

TIP

php

->pageTrigger('page')

View source

Arguments

$value (string)

Returns

self

`pathParam()`

Since: 4.2.0

The query string param that Craft will check when determining the request’s path.

RewriteRule (.+) index.php [QSA,L]

php

->pathParam(null)

View source

Arguments

$value (string, null)

Returns

self

`permissionsPolicyHeader()`

Since: 4.2.0

The Permissions-Policy header that should be sent for web responses.

php

->permissionsPolicyHeader('Permissions-Policy: geolocation=(self)')

View source

Arguments

$value (string, null)

Returns

self

`phpMaxMemoryLimit()`

Since: 4.2.0

See https://php.net/manual/en/faq.using.php#faq.using.shorthandbytes for a list of acceptable values.

php

->phpMaxMemoryLimit('512M')

View source

Arguments

$value (string, null)

Returns

self

`phpSessionName()`

Since: 4.2.0

The name of the PHP session cookie.

php

->phpSessionName(null)

Arguments

$value (string)

Returns

self

`postCpLoginRedirect()`

Since: 4.2.0

The path users should be redirected to after logging into the control panel.

This setting will also come into effect if a user visits the control panel’s login page (/admin/login) or the control panel’s root URL (/admin) when they are already logged in.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

php

->postCpLoginRedirect('entries')

View source

Arguments

$value (mixed)

Returns

self

`postLoginRedirect()`

Since: 4.2.0

The path users should be redirected to after logging in from the front-end site.

This setting will also come into effect if the user visits the login page (as specified by the config4:loginPath config setting) when they are already logged in.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

php

->postLoginRedirect('welcome')

View source

Arguments

$value (mixed)

Returns

self

`postLogoutRedirect()`

Since: 4.2.0

The path that users should be redirected to after logging out from the front-end site.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

php

->postLogoutRedirect('goodbye')

View source

Arguments

$value (mixed)

Returns

self

`prefixGqlRootTypes()`

Since: 4.2.0

Whether the config4:gqlTypePrefix config setting should have an impact on query, mutation, and subscription types.

php

->prefixGqlRootTypes(false)

View source

Arguments

$value (boolean)

Returns

self

`preloadSingles()`

Since: 4.4.0

Whether Single section entries should be preloaded for Twig templates.

When enabled, Craft will make an educated guess on which Singles should be preloaded for each template based on the variable names that are referenced.

WARNING

You will need to clear your compiled templates from the Caches utility before this setting will take effect.

::: code

php

->preloadSingles()

shell

CRAFT_PRELOAD_SINGLES=true

:::

View source

Arguments

$value (boolean)

Returns

self

`preserveCmykColorspace()`

Since: 4.2.0

Whether CMYK should be preserved as the colorspace when manipulating images.

php

->preserveCmykColorspace(true)

View source

Arguments

$value (boolean)

Returns

self

`preserveExifData()`

Since: 4.2.0

Whether the EXIF data should be preserved when manipulating and uploading images.

Setting this to true will result in larger image file sizes.

This will only have effect if ImageMagick is in use.

php

->preserveExifData(true)

View source

Arguments

$value (boolean)

Returns

self

`preserveImageColorProfiles()`

Since: 4.2.0

Whether the embedded Image Color Profile (ICC) should be preserved when manipulating images.

php

->preserveImageColorProfiles(false)

View source

Arguments

$value (boolean)

Returns

self

`preventUserEnumeration()`

Since: 4.2.0

When true, Craft will always return a successful response in the “forgot password” flow, making it difficult to enumerate users.

php

->preventUserEnumeration(true)

View source

Arguments

$value (boolean)

Returns

self

`previewIframeResizerOptions()`

Since: 4.2.0

Custom iFrame Resizer options that should be used for preview iframes.

php

->previewIframeResizerOptions([
    'autoResize' => false,
])

View source

Arguments

$value (array)

Returns

self

`previewTokenDuration()`

Since: 4.2.0

The amount of time content preview tokens can be used before expiring.

Defaults to config4:defaultTokenDuration value.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

php

// 1 hour
->previewTokenDuration(3600)

View source

Arguments

$value (mixed)

Returns

self

`privateTemplateTrigger()`

Since: 4.2.0

The template path segment prefix that should be used to identify “private” templates, which are templates that are not directly accessible via a matching URL.

Set to an empty value to disable public template routing.

php

->privateTemplateTrigger('')

View source

Arguments

$value (string)

Returns

self

`purgePendingUsersDuration()`

Since: 4.2.0

The amount of time to wait before Craft purges pending users from the system that have not activated.

Any content assigned to a pending user will be deleted as well when the given time interval passes.

Set to 0 to disable this feature.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

TIP

Users will only be purged when garbage collection is run.

php

// 2 weeks
->purgePendingUsersDuration(1209600)

View source

Arguments

$value (mixed)

Returns

self

`purgeStaleUserSessionDuration()`

Since: 4.2.0

The amount of time to wait before Craft purges stale user sessions from the sessions table in the database.

Set to 0 to disable this feature.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

php

// 1 week
->purgeStaleUserSessionDuration(604800)

View source

Arguments

$value (mixed)

Returns

self

`purgeUnsavedDraftsDuration()`

Since: 4.2.0

The amount of time to wait before Craft purges unpublished drafts that were never updated with content.

Set to 0 to disable this feature.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

php

->purgeUnsavedDraftsDuration(0)

View source

Arguments

$value (mixed)

Returns

self

`rasterizeSvgThumbs()`

Since: 4.2.0

Whether SVG thumbnails should be rasterized.

This will only work if ImageMagick is installed, and config4:imageDriver is set to either auto or imagick.

php

->rasterizeSvgThumbs(true)

View source

Arguments

$value (boolean)

Returns

self

`rememberUsernameDuration()`

Since: 4.2.0

The amount of time Craft will remember a username and pre-populate it on the control panel’s Login page.

Set to 0 to disable this feature altogether.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

php

->rememberUsernameDuration(0)

View source

Arguments

$value (mixed)

Returns

self

`rememberedUserSessionDuration()`

Since: 4.2.0

The amount of time a user stays logged if “Remember Me” is checked on the login page.

Set to 0 to disable the “Remember Me” feature altogether.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

php

->rememberedUserSessionDuration(0)

Arguments

$value (mixed)

Returns

self

Throws

yii\base\InvalidConfigException

`requireMatchingUserAgentForSession()`

Since: 4.2.0

Whether Craft should require a matching user agent string when restoring a user session from a cookie.

php

->requireMatchingUserAgentForSession(false)

View source

Arguments

$value (boolean)

Returns

self

`requireUserAgentAndIpForSession()`

Since: 4.2.0

Whether Craft should require the existence of a user agent string and IP address when creating a new user session.

php

->requireUserAgentAndIpForSession(false)

View source

Arguments

$value (boolean)

Returns

self

`resourceBasePath()`

Since: 4.2.0

The path to the root directory that should store published control panel resources.

php

->resourceBasePath('@webroot/craft-resources')

View source

Arguments

$value (string)

Returns

self

`resourceBaseUrl()`

Since: 4.2.0

The URL to the root directory that should store published control panel resources.

php

->resourceBaseUrl('@web/craft-resources')

View source

Arguments

$value (string)

Returns

self

`restoreCommand()`

Since: 4.2.0

The shell command Craft should execute to restore a database backup.

By default Craft will run mysql or psql, provided those libraries are in the $PATH variable for the user the web server is running as.

There are several tokens you can use that Craft will swap out at runtime:

{path} - the backup file path
{port} - the current database port
{server} - the current database hostname
{user} - the user to connect to the database
{database} - the current database name
{schema} - the current database schema (if any)

This can also be set to false to disable database restores completely.

php

->restoreCommand(false)

View source

Arguments

$value (string, null, false)

Returns

self

`revAssetUrls()`

Since: 4.2.0

Whether asset URLs should be revved so browsers don’t load cached versions when they’re modified.

php

->revAssetUrls(true)

View source

Arguments

$value (boolean)

Returns

self

`rotateImagesOnUploadByExifData()`

Since: 4.2.0

Whether Craft should rotate images according to their EXIF data on upload.

php

->rotateImagesOnUploadByExifData(false)

View source

Arguments

$value (boolean)

Returns

self

`runQueueAutomatically()`

Since: 4.2.0

Whether Craft should run pending queue jobs automatically when someone visits the control panel.

If disabled, an alternate queue worker must be set up separately, either as an always-running daemon, or a cron job that runs the queue/run command every minute:

cron

* * * * * /path/to/project/craft queue/run

TIP

This setting should be disabled for servers running Win32, or with Apache’s mod_deflate/mod_gzip installed, where PHP’s flush() method won’t work.

php

->runQueueAutomatically(false)

View source

Arguments

$value (boolean)

Returns

self

`sameSiteCookieValue()`

Since: 4.2.0

The SameSite value that should be set on Craft cookies, if any.

This can be set to 'None', 'Lax', 'Strict', or null.

php

->sameSiteCookieValue('Strict')

View source

Arguments

$value (?string)

Returns

self

`sanitizeCpImageUploads()`

Since: 4.2.0

Whether images uploaded via the control panel should be sanitized.

php

->sanitizeCpImageUploads(false)

View source

Arguments

$value (boolean)

Returns

self

`sanitizeSvgUploads()`

Since: 4.2.0

Whether Craft should sanitize uploaded SVG files and strip out potential malicious-looking content.

This should definitely be enabled if you are accepting SVG uploads from untrusted sources.

php

->sanitizeSvgUploads(false)

View source

Arguments

$value (boolean)

Returns

self

`secureHeaders()`

Since: 4.2.0

Lists of headers that are, by default, subject to the trusted host configuration.

See yii\web\Request::$secureHeaders for more details.

If not set, the default yii\web\Request::$secureHeaders value will be used.

php

->secureHeaders([
    'X-Forwarded-For',
    'X-Forwarded-Host',
    'X-Forwarded-Proto',
    'X-Rewrite-Url',
    'X-Original-Host',
    'CF-Connecting-IP',
])

View source

Arguments

$value (array, null)

Returns

self

`secureProtocolHeaders()`

Since: 4.2.0

List of headers to check for determining whether the connection is made via HTTPS.

See yii\web\Request::$secureProtocolHeaders for more details.

If not set, the default yii\web\Request::$secureProtocolHeaders value will be used.

php

->secureProtocolHeaders([
    'X-Forwarded-Proto' => [
        'https',
    ],
    'Front-End-Https' => [
        'on',
    ],
    'CF-Visitor' => [
        '{\"scheme\":\"https\"}',
    ],
])

View source

Arguments

$value (array, null)

Returns

self

`securityKey()`

Since: 4.2.0

A private, random, cryptographically-secure key that is used for hashing and encrypting data in craft\services\Security.

This value should be the same across all environments. If this key ever changes, any data that was encrypted with it will be inaccessible.

php

->securityKey('2cf24dba5...')

View source

Arguments

$value (string)

Returns

self

`sendContentLengthHeader()`

Since: 4.2.0

Whether a Content-Length header should be sent with responses.

php

->sendContentLengthHeader(true)

View source

Arguments

$value (boolean)

Returns

self

`sendPoweredByHeader()`

Since: 4.2.0

Whether an X-Powered-By: Craft CMS header should be sent, helping services like BuiltWith and Wappalyzer identify that the site is running on Craft.

php

->sendPoweredByHeader(false)

View source

Arguments

$value (boolean)

Returns

self

`setGraphqlDatesToSystemTimeZone()`

Since: 4.2.0

Whether dates returned by the GraphQL API should be set to the system time zone by default, rather than UTC.

php

->setGraphqlDatesToSystemTimeZone(true)

View source

Arguments

$value (boolean)

Returns

self

`setPasswordPath()`

Since: 4.2.0

The URI or URL that Craft should use for Set Password forms on the front end.

This setting is ignored when config4:headlessMode is enabled, unless it’s set to an absolute URL.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

TIP

You might also want to set config4:invalidUserTokenPath in case a user clicks on an expired password reset link.

php

->setPasswordPath('set-password')

View source

Arguments

$value (mixed)

Returns

self

`setPasswordRequestPath()`

Since: 4.2.0

The URI to the page where users can request to change their password.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

If this is set, Craft will redirect .well-known/change-password requests to this URI.

TIP

php

->setPasswordRequestPath('request-password')

View source

Arguments

$value (mixed)

Returns

self

`setPasswordSuccessPath()`

Since: 4.2.0

The URI Craft should redirect users to after setting their password from the front end.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

php

->setPasswordSuccessPath('password-set')

View source

Arguments

$value (mixed)

Returns

self

`showFirstAndLastNameFields()`

Since: 4.6.0

Whether “First Name” and “Last Name” fields should be shown in place of “Full Name” fields.

php

->showFirstAndLastNameFields()

View source

Arguments

$value (boolean)

Returns

self

`siteToken()`

Since: 4.2.0

The query string parameter name that site tokens should be set to.

php

->siteToken('t')

View source

Arguments

$value (string)

Returns

self

`slugWordSeparator()`

Since: 4.2.0

The character(s) that should be used to separate words in slugs.

php

->slugWordSeparator('.')

View source

Arguments

$value (string)

Returns

self

`softDeleteDuration()`

Since: 4.2.0

The amount of time before a soft-deleted item will be up for hard-deletion by garbage collection.

Set to 0 if you don’t ever want to delete soft-deleted items.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

php

->softDeleteDuration(0)

View source

Arguments

$value (mixed)

Returns

self

`storeUserIps()`

Since: 4.2.0

Whether user IP addresses should be stored/logged by the system.

php

->storeUserIps(true)

View source

Arguments

$value (boolean)

Returns

self

`testToEmailAddress()`

Since: 4.2.0

Configures Craft to send all system emails to either a single email address or an array of email addresses for testing purposes.

By default, the recipient name(s) will be “Test Recipient”, but you can customize that by setting the value with the format ['me@domain.tld' => 'Name'].

php

->testToEmailAddress('me@domain.tld')

View source

Arguments

$value (string, array, null, false)

Returns

self

`timezone()`

Since: 4.2.0

The timezone of the site. If set, it will take precedence over the Timezone setting in Settings → General.

This can be set to one of PHP’s supported timezones.

php

->timezone('Europe/London')

View source

Arguments

$value (string, null)

Returns

self

`tokenParam()`

Since: 4.2.0

The query string parameter name that Craft tokens should be set to.

php

->tokenParam('t')

View source

Arguments

$value (string)

Returns

self

`transformGifs()`

Since: 4.2.0

Whether GIF files should be cleansed/transformed.

php

->transformGifs(false)

View source

Arguments

$value (boolean)

Returns

self

`transformSvgs()`

Since: 4.2.0

Whether SVG files should be transformed.

php

->transformSvgs(false)

View source

Arguments

$value (boolean)

Returns

self

`translationDebugOutput()`

Since: 4.2.0

Whether translated messages should be wrapped in special characters to help find any strings that are not being run through Craft::t() or the |translate filter.

php

->translationDebugOutput(true)

View source

Arguments

$value (boolean)

Returns

self

`trustedHosts()`

Since: 4.2.0

The configuration for trusted security-related headers.

See yii\web\Request::$trustedHosts for more details.

By default, all hosts are trusted.

php

->trustedHosts(['trusted-one.foo', 'trusted-two.foo'])

View source

Arguments

$value (array)

Returns

self

`upscaleImages()`

Since: 4.2.0

Whether image transforms should allow upscaling by default, for images that are smaller than the transform dimensions.

php

->upscaleImages(false)

View source

Arguments

$value (boolean)

Returns

self

`useEmailAsUsername()`

Since: 4.2.0

Whether Craft should set users’ usernames to their email addresses, rather than let them set their username separately.

If you enable this setting after user accounts already exist, run this terminal command to update existing usernames:

bash

php craft utils/update-usernames

php

->useEmailAsUsername(true)

View source

Arguments

$value (boolean)

Returns

self

`useFileLocks()`

Since: 4.2.0

Whether to grab an exclusive lock on a file when writing to it by using the LOCK_EX flag.

Some file systems, such as NFS, do not support exclusive file locking.

If null, Craft will try to detect if the underlying file system supports exclusive file locking and cache the results.

php

->useFileLocks(false)

Arguments

$value (boolean, null)

Returns

self

`useIframeResizer()`

Since: 4.2.0

Whether iFrame Resizer options should be used for Live Preview.

Using iFrame Resizer makes it possible for Craft to retain the preview’s scroll position between page loads, for cross-origin web pages.

TIP

You can customize the behavior of iFrame Resizer via the config4:previewIframeResizerOptions config setting.

php

->useIframeResizer(true)

View source

Arguments

$value (boolean)

Returns

self

`usePathInfo()`

Since: 4.2.0

Whether Craft should specify the path using PATH_INFO or as a query string parameter when generating URLs.

This setting only takes effect if config4:omitScriptNameInUrls is set to false.

php

->usePathInfo(true)

View source

Arguments

$value (boolean)

Returns

self

`useSecureCookies()`

Since: 4.2.0

Whether Craft will set the “secure” flag when saving cookies when using Craft::cookieConfig() to create a cookie.

php

->useSecureCookies(true)

View source

Arguments

$value (boolean, string)

Returns

self

`useSslOnTokenizedUrls()`

Since: 4.2.0

If set to false, Craft will always use http. If set to true, then, Craft will always use https.

php

->useSslOnTokenizedUrls(true)

View source

Arguments

$value (boolean, string)

Returns

self

`userSessionDuration()`

Since: 4.2.0

The amount of time before a user will get logged out due to inactivity.

Set to 0 if you want users to stay logged in as long as their browser is open rather than a predetermined amount of time.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

php

// 3 hours
->userSessionDuration(10800)

View source

Arguments

$value (mixed)

Returns

self

`verificationCodeDuration()`

Since: 4.2.0

The amount of time a user verification code can be used before expiring.

See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.

php

// 1 hour
->verificationCodeDuration(3600)

View source

Arguments

$value (mixed)

Returns

self

`verifyEmailPath()`

Since: 4.2.0

The URI or URL that Craft should use for email verification links on the front end.

This setting is ignored when config4:headlessMode is enabled, unless it’s set to an absolute URL.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

php

->verifyEmailPath('verify-email')

Arguments

$value (mixed)

Returns

self

`verifyEmailSuccessPath()`

Since: 4.2.0

The URI that users without access to the control panel should be redirected to after verifying a new email address.

See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.

php

->verifyEmailSuccessPath('verified-email')

Arguments

$value (mixed)

Returns

self

Protected Methods

Method	Description
defineBehaviors()	Returns the behaviors to attach to this class.
defineRules()	Returns the validation rules for attributes.
extractFieldsFor()	Extract nested fields from a fields collection for a given root field Nested fields are separated with dots (.). e.g: "item.id" The previous example would extract "id".
extractRootFields()	Extracts the root field names from nested fields.
resolveFields()	Determines which fields can be returned by toArray().

Constants

Constant	Description
`CAMEL_CASE`
`IMAGE_DRIVER_AUTO`
`IMAGE_DRIVER_GD`
`IMAGE_DRIVER_IMAGICK`
`PASCAL_CASE`
`SCENARIO_DEFAULT`	The name of the default scenario.
`SNAKE_CASE`

utils

addresses

assets

categories

entries

tags

users

elements

mutations

elements

elements

mutations

elements

generators

input

criteria

elements

arrayable

components

controllers

elements

gql

models

serializable

admintable

assetindexes

axios

clearcaches

conditionbuilder

cp

craftsupport

d3

dashboard

datepickeri18n

dbbackup

deprecationerrors

editsection

edittransform

edituser

elementresizedetector

fabric

feed

fields

fieldsettings

fileupload

findreplace

focalpoint

focusvisible

garnish

generalsettings

graphiql

htmx

iframeresizer

inputmask

installer

jquerypayment

jquerytouchevents

jqueryui

login

matrix

matrixsettings

money

newusers

picturefill

plugins

pluginstore

prismjs

queuemanager

quickpost

recententries

routes

selectize

sites

systemmessages

tablesettings

tailwindreset

timepicker

updater