GeneralConfig
- Type
- Class
- Namespace
- craft\config
- Inherits
- craft\config\GeneralConfig » craft\config\BaseConfig » craft\base\Model » yii\base\Model » yii\base\Component » yii\base\BaseObject
- Implements
- ArrayAccess, IteratorAggregate, craft\base\ModelInterface, yii\base\Arrayable, yii\base\Configurable, yii\base\StaticInstanceInterface
- Uses traits
- craft\base\ClonefixTrait, yii\base\ArrayableTrait, yii\base\StaticInstanceTrait
- Since
- 3.0.0
General config class
Public Properties
Property | Description |
---|---|
accessibilityDefaults | array – The default user accessibility preferences that should be applied to users that haven’t saved their preferences yet. |
actionTrigger | string – The URI segment Craft should look for when determining if the current request should be routed to a controller action. |
activateAccountSuccessPath | mixed – The URI that users without access to the control panel should be redirected to after activating their account. |
activeValidators | yii\validators\Validator – The validators applicable to the current scenario. |
addTrailingSlashesToUrls | boolean – Whether auto-generated URLs should have trailing slashes. |
aliases | `array<string,string |
allowAdminChanges | boolean – Whether admins should be allowed to make administrative changes to the system. |
allowSimilarTags | boolean – Whether users should be allowed to create similarly-named tags. |
allowUpdates | boolean – Whether Craft should allow system and plugin updates in the control panel, and plugin installation from the Plugin Store. |
allowUppercaseInSlug | boolean – Whether uppercase letters should be allowed in slugs. |
allowedFileExtensions | string[] – The file extensions Craft should allow when a user is uploading files. |
allowedGraphqlOrigins | string[], null, false – The Ajax origins that should be allowed to access the GraphQL API, if enabled. |
asyncCsrfInputs | boolean – Whether CSRF values should be injected via JavaScript for greater cache-ability. |
attributes | array – Attribute values (name => value). |
autoLoginAfterAccountActivation | boolean – Whether users should automatically be logged in after activating their account or resetting their password. |
autosaveDrafts | boolean – Whether drafts should be saved automatically as they are edited. |
backupCommand | string, null, false, Closure – The shell command that Craft should execute to create a database backup. |
backupCommandFormat | string, null – The output format that database backups should use (PostgreSQL only). |
backupOnUpdate | boolean – Whether Craft should create a database backup before applying a new system update. |
baseCpUrl | string, null – The base URL Craft should use when generating control panel URLs. |
behaviors | yii\base\Behavior – List of behaviors attached to this component. |
blowfishHashCost | integer – The higher the cost value, the longer it takes to generate a password hash and to verify against it. |
brokenImagePath | string, null – The server path to an image file that should be sent when responding to an image request with a 404 status code. |
buildId | string, null – A unique ID representing the current build of the codebase. |
cacheDuration | mixed – The default length of time Craft will store data, RSS feed, and template caches. |
convertFilenamesToAscii | boolean – Whether uploaded filenames with non-ASCII characters should be converted to ASCII (i.e. ñ → n ). |
cooldownDuration | mixed – The amount of time a user must wait before re-attempting to log in after their account is locked due to too many failed login attempts. |
cpHeadTags | array – List of additional HTML tags that should be included in the <head> of control panel pages. |
cpTrigger | string, null – The URI segment Craft should look for when determining if the current request should route to the control panel rather than the front-end website. |
csrfTokenName | string – The name of CSRF token used for CSRF validation if config4:enableCsrfProtection is set to true . |
defaultCookieDomain | string – The domain that cookies generated by Craft should be created for. |
defaultCountryCode | string – The two-letter country code that addresses will be set to by default. |
defaultCpLanguage | string, null – The default language the control panel should use for users who haven’t set a preferred language yet. |
defaultCpLocale | string, null – The default locale the control panel should use for date/number formatting, for users who haven’t set a preferred language or formatting locale. |
defaultDirMode | mixed – The default permission to be set for newly-generated directories. |
defaultFileMode | integer, null – The default permission to be set for newly-generated files. |
defaultImageQuality | integer – The quality level Craft will use when saving JPG and PNG files. |
defaultSearchTermOptions | array – The default options that should be applied to each search term. |
defaultTemplateExtensions | string[] – The template file extensions Craft will look for when matching a template path to a file on the front end. |
defaultTokenDuration | mixed – The default amount of time tokens can be used before expiring. |
defaultWeekStartDay | integer – The default day new users should have set as their Week Start Day. |
deferPublicRegistrationPassword | boolean – By default, Craft requires a front-end “password” field for public user registrations. |
devMode | boolean – Whether the system should run in Dev Mode. |
disableGraphqlTransformDirective | boolean – Whether the transform directive should be disabled for the GraphQL API. |
disabledPlugins | string[], string, null – Array of plugin handles that should be disabled, regardless of what the project config says. |
disabledUtilities | string[] – Array of utility IDs that should be disabled. |
disallowRobots | boolean – Whether front end requests should respond with X-Robots-Tag: none HTTP headers, indicating that pages should not be indexed, and links on the page should not be followed, by web crawlers. |
elevatedSessionDuration | mixed – The amount of time a user’s elevated session will last, which is required for some sensitive actions (e.g. user group/permission assignment). |
enableBasicHttpAuth | boolean – Whether front-end web requests should support basic HTTP authentication. |
enableCsrfCookie | boolean – Whether to use a cookie to persist the CSRF token if config4:enableCsrfProtection is enabled. |
enableCsrfProtection | boolean – Whether to enable CSRF protection via hidden form inputs for all forms submitted via Craft. |
enableGql | boolean – Whether the GraphQL API should be enabled. |
enableGraphqlCaching | boolean – Whether Craft should cache GraphQL queries. |
enableGraphqlIntrospection | boolean – Whether GraphQL introspection queries are allowed. |
enableTemplateCaching | boolean – Whether to enable Craft’s template {% cache %} tag on a global basis. |
errorTemplatePrefix | string – The prefix that should be prepended to HTTP error status codes when determining the path to look for an error’s template. |
errors | array – Errors for all attributes or the specified attribute. |
extraAllowedFileExtensions | string[], null – List of file extensions that will be merged into the config4:allowedFileExtensions config setting. |
extraAppLocales | string[], null – List of extra locale IDs that the application should support, and users should be able to select as their Preferred Language. |
extraFileKinds | array – List of additional file kinds Craft should support. |
extraLastNamePrefixes | string[] – Any additional last name prefixes that should be supported by the name parser. |
extraNameSalutations | string[] – Any additional name salutations that should be supported by the name parser. |
extraNameSuffixes | string[] – Any additional name suffixes that should be supported by the name parser. |
filenameWordSeparator | string, false – The string to use to separate words when uploading assets. |
firstErrors | array – The first errors. |
generateTransformsBeforePageLoad | boolean – Whether image transforms should be generated before page load. |
gqlTypePrefix | string – Prefix to use for all type names returned by GraphQL. |
handleCasing | string – The casing to use for autogenerated component handles. |
headlessMode | boolean – Whether the system should run in Headless Mode, which optimizes the system and control panel for headless CMS implementations. |
httpProxy | string, null – The proxy server that should be used for outgoing HTTP requests. |
imageDriver | mixed – The image driver Craft should use to cleanse and transform images. |
imageEditorRatios | array – An array containing the selectable image aspect ratios for the image editor. |
indexTemplateFilenames | string[] – The template filenames Craft will look for within a directory to represent the directory’s “index” template when matching a template path to a file on the front end. |
invalidLoginWindowDuration | mixed – The amount of time to track invalid login attempts for a user, for determining if Craft should lock an account. |
invalidUserTokenPath | mixed – The URI Craft should redirect to when user token validation fails. |
ipHeaders | string[], null – List of headers where proxies store the real client IP. |
isSystemLive | boolean, null – Whether the site is currently live. |
iterator | ArrayIterator – An iterator for traversing the items in the list. |
lazyGqlTypes | boolean – Whether GraphQL types should be generated lazily. |
limitAutoSlugsToAscii | boolean – Whether non-ASCII characters in auto-generated slugs should be converted to ASCII (i.e. ñ → n). |
loginPath | mixed – The URI Craft should use for user login on the front end. |
logoutPath | mixed – The URI Craft should use for user logout on the front end. |
maxBackups | integer, false – The number of backups Craft should make before it starts deleting the oldest backups. |
maxCachedCloudImageSize | integer – The maximum dimension size to use when caching images from external sources to use in transforms. |
maxGraphqlBatchSize | integer – The maximum allowed GraphQL queries that can be executed in a single batched request. |
maxGraphqlComplexity | integer – The maximum allowed complexity a GraphQL query is allowed to have. |
maxGraphqlDepth | integer – The maximum allowed depth a GraphQL query is allowed to reach. |
maxGraphqlResults | integer – The maximum allowed results for a single GraphQL query. |
maxInvalidLogins | integer, false – The number of invalid login attempts Craft will allow within the specified duration before the account gets locked. |
maxRevisions | integer, null – The maximum number of revisions that should be stored for each element. |
maxSlugIncrement | integer – The highest number Craft will tack onto a slug in order to make it unique before giving up and throwing an error. |
maxUploadFileSize | integer, string – The maximum upload file size allowed. |
omitScriptNameInUrls | boolean – Whether generated URLs should omit index.php (e.g. http://my-project.tld/path instead of http://my-project.tld/index.php/path ) This can only be possible if your server is configured to redirect would-be 404s to index.php , for example, with the redirect found in the .htaccess file that came with Craft: RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule (.+) /index.php?p=$1 [QSA,L] ::: code php Static Config ->omitScriptNameInUrls(true) shell Environment Override CRAFT_OMIT_SCRIPT_NAME_IN_URLS=true ::: ::: tip Even when this is set to true , the script name could still be included in some action URLs. |
optimizeImageFilesize | boolean – Whether Craft should optimize images for reduced file sizes without noticeably reducing image quality. |
pageTrigger | string – The string preceding a number which Craft will look for when determining if the current request is for a particular page in a paginated list of pages. |
passwordPath | mixed |
passwordRequestPath | mixed |
passwordSuccessPath | mixed |
pathParam | string, null – The query string param that Craft will check when determining the request’s path. |
permissionsPolicyHeader | string, null – The Permissions-Policy header that should be sent for site responses. |
phpMaxMemoryLimit | string, null – The maximum amount of memory Craft will try to reserve during memory-intensive operations such as zipping, unzipping and updating. |
phpSessionName | string – The name of the PHP session cookie. |
postCpLoginRedirect | mixed – The path users should be redirected to after logging into the control panel. |
postLoginRedirect | mixed – The path users should be redirected to after logging in from the front-end site. |
postLogoutRedirect | mixed – The path that users should be redirected to after logging out from the front-end site. |
prefixGqlRootTypes | boolean – Whether the config4:gqlTypePrefix config setting should have an impact on query , mutation , and subscription types. |
preloadSingles | boolean – Whether Single section entries should be preloaded for Twig templates. |
preserveCmykColorspace | boolean – Whether CMYK should be preserved as the colorspace when manipulating images. |
preserveExifData | boolean – Whether the EXIF data should be preserved when manipulating and uploading images. |
preserveImageColorProfiles | boolean – Whether the embedded Image Color Profile (ICC) should be preserved when manipulating images. |
preventUserEnumeration | boolean – When true , Craft will always return a successful response in the “forgot password” flow, making it difficult to enumerate users. |
previewIframeResizerOptions | array – Custom iFrame Resizer options that should be used for preview iframes. |
previewTokenDuration | mixed – The amount of time content preview tokens can be used before expiring. |
privateTemplateTrigger | string – The template path segment prefix that should be used to identify “private” templates, which are templates that are not directly accessible via a matching URL. |
purgePendingUsersDuration | mixed – The amount of time to wait before Craft purges pending users from the system that have not activated. |
purgeStaleUserSessionDuration | mixed – The amount of time to wait before Craft purges stale user sessions from the sessions table in the database. |
purgeUnsavedDraftsDuration | mixed – The amount of time to wait before Craft purges unpublished drafts that were never updated with content. |
rasterizeSvgThumbs | boolean – Whether SVG thumbnails should be rasterized. |
rememberUsernameDuration | mixed – The amount of time Craft will remember a username and pre-populate it on the control panel’s Login page. |
rememberedUserSessionDuration | mixed – The amount of time a user stays logged if “Remember Me” is checked on the login page. |
requireMatchingUserAgentForSession | boolean – Whether Craft should require a matching user agent string when restoring a user session from a cookie. |
requireUserAgentAndIpForSession | boolean – Whether Craft should require the existence of a user agent string and IP address when creating a new user session. |
resourceBasePath | string – The path to the root directory that should store published control panel resources. |
resourceBaseUrl | string – The URL to the root directory that should store published control panel resources. |
restoreCommand | string, null, false, Closure – The shell command Craft should execute to restore a database backup. |
revAssetUrls | boolean – Whether asset URLs should be revved so browsers don’t load cached versions when they’re modified. |
rotateImagesOnUploadByExifData | boolean – Whether Craft should rotate images according to their EXIF data on upload. |
runQueueAutomatically | boolean – Whether Craft should run pending queue jobs automatically when someone visits the control panel. |
safeMode | boolean – Whether the system should run in Safe Mode. |
sameSiteCookieValue | string, null – The SameSite value that should be set on Craft cookies, if any. |
sanitizeCpImageUploads | boolean – Whether images uploaded via the control panel should be sanitized. |
sanitizeSvgUploads | boolean – Whether Craft should sanitize uploaded SVG files and strip out potential malicious-looking content. |
scenario | string – The scenario that this model is in. |
secureHeaders | array, null – Lists of headers that are, by default, subject to the trusted host configuration. |
secureProtocolHeaders | array, null – List of headers to check for determining whether the connection is made via HTTPS. |
securityKey | string – A private, random, cryptographically-secure key that is used for hashing and encrypting data in craft\services\Security. |
sendContentLengthHeader | boolean – Whether a Content-Length header should be sent with responses. |
sendPoweredByHeader | boolean – Whether an X-Powered-By: Craft CMS header should be sent, helping services like BuiltWith and Wappalyzer identify that the site is running on Craft. |
setGraphqlDatesToSystemTimeZone | boolean – Whether dates returned by the GraphQL API should be set to the system time zone by default, rather than UTC. |
setPasswordPath | mixed – The URI or URL that Craft should use for Set Password forms on the front end. |
setPasswordRequestPath | mixed – The URI to the page where users can request to change their password. |
setPasswordSuccessPath | mixed – The URI Craft should redirect users to after setting their password from the front end. |
showFirstAndLastNameFields | boolean – Whether “First Name” and “Last Name” fields should be shown in place of “Full Name” fields. |
siteToken | string – The query string parameter name that site tokens should be set to. |
slugWordSeparator | string – The character(s) that should be used to separate words in slugs. |
softDeleteDuration | mixed – The amount of time before a soft-deleted item will be up for hard-deletion by garbage collection. |
storeUserIps | boolean – Whether user IP addresses should be stored/logged by the system. |
testToEmailAddress | string, array, null, false – Configures Craft to send all system emails to either a single email address or an array of email addresses for testing purposes. |
timezone | string, null – The timezone of the site. |
tokenParam | string – The query string parameter name that Craft tokens should be set to. |
transformGifs | boolean – Whether GIF files should be cleansed/transformed. |
transformSvgs | boolean – Whether SVG files should be transformed. |
translationDebugOutput | boolean – Whether translated messages should be wrapped in special characters to help find any strings that are not being run through Craft::t() or the ` |
trustedHosts | array – The configuration for trusted security-related headers. |
upscaleImages | boolean – Whether image transforms should allow upscaling by default, for images that are smaller than the transform dimensions. |
useEmailAsUsername | boolean – Whether Craft should set users’ usernames to their email addresses, rather than let them set their username separately. |
useFileLocks | boolean, null – Whether to grab an exclusive lock on a file when writing to it by using the LOCK_EX flag. |
useIframeResizer | boolean – Whether iFrame Resizer options should be used for Live Preview. |
usePathInfo | boolean – Whether Craft should specify the path using PATH_INFO or as a query string parameter when generating URLs. |
useSecureCookies | boolean, string – Whether Craft will set the “secure” flag when saving cookies when using Craft::cookieConfig() to create a cookie. |
useSslOnTokenizedUrls | boolean, string – Determines what protocol/schema Craft will use when generating tokenized URLs. |
userSessionDuration | mixed – The amount of time before a user will get logged out due to inactivity. |
validators | ArrayObject, yii\validators\Validator – All the validators declared in the model. |
verificationCodeDuration | mixed – The amount of time a user verification code can be used before expiring. |
verifyEmailPath | mixed – The URI or URL that Craft should use for email verification links on the front end. |
verifyEmailSuccessPath | mixed – The URI that users without access to the control panel should be redirected to after verifying a new email address. |
accessibilityDefaults
- Type
- array
- Default value
[ 'alwaysShowFocusRings' => false, 'useShapes' => false, 'underlineLinks' => false, 'notificationDuration' => 5000, ]
- Since
- 3.6.4
The default user accessibility preferences that should be applied to users that haven’t saved their preferences yet.
The array can contain the following keys:
alwaysShowFocusRings
- Whether focus rings should always be shown when an element has focus.useShapes
– Whether shapes should be used to represent statuses.underlineLinks
– Whether links should be underlined.notificationDuration
– How long notifications should be shown before they disappear automatically (in milliseconds). Set to0
to show them indefinitely.
->accessibilityDefaults([
'useShapes' => true,
])
actionTrigger
- Type
- string
- Default value
'actions'
The URI segment Craft should look for when determining if the current request should be routed to a controller action.
::: code
->actionTrigger('do-it')
CRAFT_ACTION_TRIGGER=do-it
:::
activateAccountSuccessPath
- Type
mixed
- Default value
''
The URI that users without access to the control panel should be redirected to after activating their account.
See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.
::: code
->activateAccountSuccessPath('welcome')
CRAFT_ACTIVATE_ACCOUNT_SUCCESS_PATH=welcome
:::
See also getActivateAccountSuccessPath()
addTrailingSlashesToUrls
- Type
- boolean
- Default value
false
Whether auto-generated URLs should have trailing slashes.
::: code
->addTrailingSlashesToUrls(true)
CRAFT_ADD_TRAILING_SLASHES_TO_URLS=true
:::
aliases
- Type
array<string,string|null>
- Default value
[]
Any custom Yii aliases that should be defined for every request.
->aliases([
'@webroot' => '/var/www/',
])
allowAdminChanges
- Type
- boolean
- Default value
true
- Since
- 3.1.0
Whether admins should be allowed to make administrative changes to the system.
When this is disabled, the Settings section will be hidden, the Craft edition and Craft/plugin versions will be locked, and the project config and Plugin Store will become read-only—though Craft and plugin licenses may still be purchased.
It’s best to disable this in production environments with a deployment workflow that runs composer install
and propagates project config updates on deploy.
WARNING
Don’t disable this setting until all environments have been updated to Craft 3.1.0 or later.
::: code
->allowAdminChanges(false)
CRAFT_ALLOW_ADMIN_CHANGES=false
:::
allowSimilarTags
- Type
- boolean
- Default value
false
Whether users should be allowed to create similarly-named tags.
::: code
->allowSimilarTags(true)
CRAFT_ALLOW_SIMILAR_TAGS=true
:::
allowUpdates
- Type
- boolean
- Default value
true
Whether Craft should allow system and plugin updates in the control panel, and plugin installation from the Plugin Store.
This setting will automatically be disabled if config4:allowAdminChanges is disabled.
::: code
->allowUpdates(false)
CRAFT_ALLOW_UPDATES=false
:::
allowUppercaseInSlug
- Type
- boolean
- Default value
false
Whether uppercase letters should be allowed in slugs.
::: code
->allowUppercaseInSlug(true)
CRAFT_ALLOW_UPPERCASE_IN_SLUG=true
:::
allowedFileExtensions
- Type
- string[]
- Default value
[ '7z', 'aiff', 'asc', 'asf', 'avi', 'avif', 'bmp', 'cap', 'cin', 'csv', 'dfxp', 'doc', 'docx', 'dotm', 'dotx', 'fla', 'flv', 'gif', 'gz', 'gzip', 'heic', 'heif', 'hevc', 'itt', 'jp2', 'jpeg', 'jpg', 'jpx', 'js', 'json', 'lrc', 'm2t', 'm4a', 'm4v', 'mcc', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'mpsub', 'ods', 'odt', 'ogg', 'ogv', 'pdf', 'png', 'potx', 'pps', 'ppsm', 'ppsx', 'ppt', 'pptm', 'pptx', 'ppz', 'pxd', 'qt', 'ram', 'rar', 'rm', 'rmi', 'rmvb', 'rt', 'rtf', 'sami', 'sbv', 'scc', 'sdc', 'sitd', 'smi', 'srt', 'stl', 'sub', 'svg', 'swf', 'sxc', 'sxw', 'tar', 'tds', 'tgz', 'tif', 'tiff', 'ttml', 'txt', 'vob', 'vsd', 'vtt', 'wav', 'webm', 'webp', 'wma', 'wmv', 'xls', 'xlsx', 'zip', ]
The file extensions Craft should allow when a user is uploading files.
// Nothing bug GIFs!
->allowedFileExtensions([
'gif',
])
See also extraAllowedFileExtensions()
allowedGraphqlOrigins
DEPRECATED
Deprecated in 4.11.0. craft\filters\Cors should be used instead.
The Ajax origins that should be allowed to access the GraphQL API, if enabled.
If this is set to an array, then graphql/api
requests will only include the current request’s origin in the Access-Control-Allow-Origin
response header if it’s listed here.
If this is set to false
, then the Access-Control-Allow-Origin
response header will never be sent.
::: code
->allowedGraphqlOrigins(false)
CRAFT_ALLOW_GRAPHQL_ORIGINS=false
:::
See also https://www.yiiframework.com/doc/api/2.0/yii-filters-cors
asyncCsrfInputs
- Type
- boolean
- Default value
false
- Since
- 4.9.0
Whether CSRF values should be injected via JavaScript for greater cache-ability.
::: code
->asyncCsrfInputs(true)
CRAFT_ASYNC_CSRF_INPUTS=true
:::
autoLoginAfterAccountActivation
- Type
- boolean
- Default value
false
Whether users should automatically be logged in after activating their account or resetting their password.
::: code
->autoLoginAfterAccountActivation(true)
CRAFT_ALLOW_AUTO_LOGIN_AFTER_ACCOUNT_ACTIVATION=true
:::
autosaveDrafts
DEPRECATED
Deprecated in 4.0.0
- Type
- boolean
- Default value
true
- Since
- 3.5.6
Whether drafts should be saved automatically as they are edited.
Note that drafts will be autosaved while Live Preview is open, regardless of this setting.
::: code
CRAFT_AUTOSAVE_DRAFTS=false
:::
backupCommand
The shell command that Craft should execute to create a database backup.
When set to null
(default), Craft will run mysqldump
or pg_dump
, provided that those libraries are in the $PATH
variable for the system user running the web server.
You may provide your own command, which can include several tokens Craft will substitute at runtime:
{file}
- the target backup file path{port}
- the current database port{server}
- the current database hostname{user}
- user that was used to connect to the database{password}
- password for the specified{user}
{database}
- the current database name{schema}
- the current database schema (if any)
This can also be set to false
to disable database backups completely.
::: code
->backupCommand(false)
CRAFT_BACKUP_COMMAND=false
:::
backupCommandFormat
The output format that database backups should use (PostgreSQL only).
This setting has no effect with MySQL databases.
Valid options are custom
, directory
, tar
, or plain
. When set to null
(default), pg_restore
will default to plain
See also https://www.postgresql.org/docs/current/app-pgdump.html – ::: code
->backupCommandFormat('custom')
CRAFT_BACKUP_COMMAND_FORMAT=custom
:::
backupOnUpdate
- Type
- boolean
- Default value
true
Whether Craft should create a database backup before applying a new system update.
::: code
->backupOnUpdate(false)
CRAFT_BACKUP_ON_UPDATE=false
:::
See also backupCommand()
baseCpUrl
The base URL Craft should use when generating control panel URLs.
It will be determined automatically if left blank.
TIP
The base control panel URL should not include the control panel trigger word (e.g. /admin
).
::: code
->baseCpUrl('https://cms.my-project.tld/')
CRAFT_BASE_CP_URL=https://cms.my-project.tld/
:::
blowfishHashCost
- Type
- integer
- Default value
13
The higher the cost value, the longer it takes to generate a password hash and to verify against it.
Therefore, higher cost slows down a brute-force attack.
For best protection against brute force attacks, set it to the highest value that is tolerable on production servers.
The time taken to compute the hash doubles for every increment by one for this value.
For example, if the hash takes 1 second to compute when the value is 14 then the compute time varies as 2^(value - 14) seconds.
::: code
->blowfishHashCost(15)
CRAFT_BLOWFISH_HASH_COST=15
:::
brokenImagePath
The server path to an image file that should be sent when responding to an image request with a 404 status code.
This can be set to an aliased path such as @webroot/assets/404.svg
.
::: code
->brokenImagePath('@webroot/assets/404.svg')
CRAFT_BROKEN_IMAGE_PATH=@webroot/assets/404.svg
:::
buildId
A unique ID representing the current build of the codebase.
This should be set to something unique to the deployment, e.g. a Git SHA or a deployment timestamp.
::: code
->buildId(\craft\helpers\App::env('GIT_SHA'))
CRAFT_BUILD_ID=$GIT_SHA
:::
cacheDuration
- Type
mixed
- Default value
86400
(1 day)
The default length of time Craft will store data, RSS feed, and template caches.
If set to 0
, data and RSS feed caches will be stored indefinitely; template caches will be stored for one year.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
::: code
->cacheDuration(0)
CRAFT_CACHE_DURATION=0
:::
convertFilenamesToAscii
- Type
- boolean
- Default value
false
Whether uploaded filenames with non-ASCII characters should be converted to ASCII (i.e. ñ
→ n
).
TIP
You can run php craft utils/ascii-filenames
in your terminal to apply ASCII filenames to all existing assets.
::: code
->convertFilenamesToAscii(false)
CRAFT_CONVERT_FILENAMES_TO_ASCII=false
:::
cooldownDuration
- Type
mixed
- Default value
300
(5 minutes)
The amount of time a user must wait before re-attempting to log in after their account is locked due to too many failed login attempts.
Set to 0
to keep the account locked indefinitely, requiring an admin to manually unlock the account.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
::: code
->cooldownDuration(0)
CRAFT_COOLDOWN_DURATION=0
:::
cpHeadTags
- Type
- array
- Default value
[]
- Since
- 3.5.0
List of additional HTML tags that should be included in the <head>
of control panel pages.
Each tag can be specified as an array of the tag name and its attributes.
For example, you can give the control panel a custom favicon (etc.) like this:
->cpHeadTags([
// Traditional favicon
['link', ['rel' => 'icon', 'href' => '/icons/favicon.ico']],
// Scalable favicon for browsers that support them
['link', ['rel' => 'icon', 'type' => 'image/svg+xml', 'sizes' => 'any', 'href' => '/icons/favicon.svg']],
// Touch icon for mobile devices
['link', ['rel' => 'apple-touch-icon', 'sizes' => '180x180', 'href' => '/icons/touch-icon.svg']],
// Pinned tab icon for Safari
['link', ['rel' => 'mask-icon', 'href' => '/icons/mask-icon.svg', 'color' => '#663399']],
])
cpTrigger
The URI segment Craft should look for when determining if the current request should route to the control panel rather than the front-end website.
This can be set to null
if you have a dedicated hostname for the control panel (e.g. cms.my-project.tld
), or you are running Craft in Headless Mode. If you do that, you will need to ensure that the control panel is being served from its own web root directory on your server, with an index.php
file that defines the CRAFT_CP
PHP constant.
define('CRAFT_CP', true);
Alternatively, you can set the config4:baseCpUrl config setting, but then you will run the risk of losing access to portions of your control panel due to URI conflicts with actual folders/files in your main web root.
(For example, if you have an assets/
folder, that would conflict with the /assets
page in the control panel.)
::: code
->cpTrigger(null)
CRAFT_CP_TRIGGER=
:::
csrfTokenName
- Type
- string
- Default value
'CRAFT_CSRF_TOKEN'
The name of CSRF token used for CSRF validation if config4:enableCsrfProtection is set to true
.
::: code
->csrfTokenName('MY_CSRF')
CRAFT_CSRF_TOKEN_NAME=MY_CSRF
:::
See also enableCsrfProtection()
defaultCookieDomain
- Type
- string
- Default value
''
The domain that cookies generated by Craft should be created for. If blank, it will be left up to the browser to determine which domain to use (almost always the current). If you want the cookies to work for all subdomains, for example, you could set this to '.my-project.tld'
.
::: code
->defaultCookieDomain('.my-project.tld')
CRAFT_DEFAULT_COOKIE_DOMAIN=.my-project.tld
:::
defaultCountryCode
- Type
- string
- Default value
'US'
- Since
- 4.5.0
The two-letter country code that addresses will be set to by default.
See https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 for a list of acceptable country codes.
::: code
->defaultCountryCode('GB')
CRAFT_DEFAULT_COUNTRY_CODE=GB
:::
defaultCpLanguage
The default language the control panel should use for users who haven’t set a preferred language yet.
::: code
->defaultCpLanguage('en-US')
CRAFT_DEFAULT_CP_LANGUAGE=en-US
:::
defaultCpLocale
The default locale the control panel should use for date/number formatting, for users who haven’t set a preferred language or formatting locale.
If this is null
, the config4:defaultCpLanguage config setting will determine which locale is used for date/number formatting by default.
::: code
->defaultCpLocale('en-US')
CRAFT_DEFAULT_CP_LOCALE=en-US
:::
defaultDirMode
- Type
mixed
- Default value
0775
The default permission to be set for newly-generated directories.
If set to null
, the permission will be determined by the current environment.
::: code
->defaultDirMode(0744)
CRAFT_DEFAULT_DIR_MODE=0744
:::
defaultFileMode
The default permission to be set for newly-generated files.
If set to null
, the permission will be determined by the current environment.
::: code
->defaultFileMode(0744)
CRAFT_DEFAULT_FILE_MODE=0744
:::
defaultImageQuality
- Type
- integer
- Default value
82
The quality level Craft will use when saving JPG and PNG files. Ranges from 1 (worst quality, smallest file) to 100 (best quality, biggest file).
::: code
->defaultImageQuality(90)
CRAFT_DEFAULT_IMAGE_QUALITY=90
:::
defaultSearchTermOptions
- Type
- array
- Default value
[]
The default options that should be applied to each search term.
Options include:
subLeft
– Whether to include keywords that contain the term, with additional characters before it. (false
by default)subRight
– Whether to include keywords that contain the term, with additional characters after it. (true
by default)exclude
– Whether search results should exclude records with this term. (false
by default)exact
– Whether the term must be an exact match (only applies if the search term specifies an attribute). (false
by default)
->defaultSearchTermOptions([
'subLeft' => true,
'exclude' => 'secret',
])
defaultTemplateExtensions
- Type
- string[]
- Default value
[ 'html', 'twig', ]
The template file extensions Craft will look for when matching a template path to a file on the front end.
::: code
->defaultTemplateExtensions(['html', 'twig', 'txt'])
CRAFT_DEFAULT_TEMPLATE_EXTENSIONS=html,twig,txt
:::
defaultTokenDuration
- Type
mixed
- Default value
86400
(1 day)
The default amount of time tokens can be used before expiring.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
::: code
// One week
->defaultTokenDuration(604800)
# One week
CRAFT_DEFAULT_TOKEN_DURATION=604800
:::
defaultWeekStartDay
- Type
- integer
- Default value
1
(Monday)
The default day new users should have set as their Week Start Day.
This should be set to one of the following integers:
0
– Sunday1
– Monday2
– Tuesday3
– Wednesday4
– Thursday5
– Friday6
– Saturday
::: code
->defaultWeekStartDay(0)
CRAFT_DEFAULT_WEEK_START_DAY=0
:::
deferPublicRegistrationPassword
- Type
- boolean
- Default value
false
By default, Craft requires a front-end “password” field for public user registrations. Setting this to true
removes that requirement for the initial registration form.
If you have email verification enabled, new users will set their password once they’ve followed the verification link in the email. If you don’t, the only way they can set their password is to go through your “forgot password” workflow.
::: code
->deferPublicRegistrationPassword(true)
CRAFT_DEFER_PUBLIC_REGISTRATION_PASSWORD=true
:::
devMode
- Type
- boolean
- Default value
false
Whether the system should run in Dev Mode.
::: code
->devMode(true)
CRAFT_DEV_MODE=true
:::
disableGraphqlTransformDirective
- Type
- boolean
- Default value
false
- Since
- 3.6.0
Whether the transform
directive should be disabled for the GraphQL API.
::: code
->disableGraphqlTransformDirective(true)
CRAFT_DISABLE_GRAPHQL_TRANSFORM_DIRECTIVE=true
:::
disabledPlugins
Array of plugin handles that should be disabled, regardless of what the project config says.
->disabledPlugins([
'webhooks',
])
This can also be set to '*'
to disable all plugins.
->disabledPlugins('*')
WARNING
This should not be set on a per-environment basis, as it could result in plugin schema version mismatches between environments, which will prevent project config changes from getting applied.
::: code
->disabledPlugins([
'redactor',
'webhooks',
])
CRAFT_DISABLED_PLUGINS=redactor,webhooks
:::
disabledUtilities
- Type
- string[]
- Default value
[]
- Since
- 4.6.0
Array of utility IDs that should be disabled.
::: code
->disabledUtilities([
'updates',
'find-replace',
])
CRAFT_DISABLED_UTILITIES=updates,find-replace
:::
disallowRobots
- Type
- boolean
- Default value
false
- Since
- 3.5.10
Whether front end requests should respond with X-Robots-Tag: none
HTTP headers, indicating that pages should not be indexed, and links on the page should not be followed, by web crawlers.
TIP
This should be set to true
for development and staging environments.
::: code
->disallowRobots(true)
CRAFT_DISALLOW_ROBOTS=true
:::
elevatedSessionDuration
- Type
mixed
- Default value
300
(5 minutes)
The amount of time a user’s elevated session will last, which is required for some sensitive actions (e.g. user group/permission assignment).
Set to 0
to disable elevated session support.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
::: code
->elevatedSessionDuration(0)
CRAFT_ELEVATED_SESSION_DURATION=0
:::
enableBasicHttpAuth
DEPRECATED
Deprecated in 4.13.0. craft\filters\BasicHttpAuthLogin should be used instead.
- Type
- boolean
- Default value
false
- Since
- 3.5.0
Whether front-end web requests should support basic HTTP authentication.
::: code
->enableBasicHttpAuth(true)
CRAFT_ENABLE_BASIC_HTTP_AUTH=true
:::
enableCsrfCookie
- Type
- boolean
- Default value
true
Whether to use a cookie to persist the CSRF token if config4:enableCsrfProtection is enabled. If false, the CSRF token will be stored in session under the csrfTokenName
config setting name. Note that while storing CSRF tokens in session increases security, it requires starting a session for every page that a CSRF token is needed, which may degrade site performance.
::: code
->enableCsrfCookie(false)
CRAFT_ENABLE_CSRF_COOKIE=false
:::
See also enableCsrfProtection()
enableCsrfProtection
- Type
- boolean
- Default value
true
Whether to enable CSRF protection via hidden form inputs for all forms submitted via Craft.
::: code
->enableCsrfProtection(false)
CRAFT_ENABLE_CSRF_PROTECTION=false
:::
See also:
enableGql
- Type
- boolean
- Default value
true
- Since
- 3.3.1
Whether the GraphQL API should be enabled.
The GraphQL API is only available for Craft Pro.
::: code
->enableGql(false)
CRAFT_ENABLE_GQL=false
:::
enableGraphqlCaching
- Type
- boolean
- Default value
true
- Since
- 3.3.12
Whether Craft should cache GraphQL queries.
If set to true
, Craft will cache the results for unique GraphQL queries per access token. The cache is automatically invalidated any time an element is saved, the site structure is updated, or a GraphQL schema is saved.
This setting will have no effect if a plugin is using the craft\services\Gql::EVENT_BEFORE_EXECUTE_GQL_QUERY event to provide its own caching logic and setting the result
property.
::: code
->enableGraphqlCaching(false)
CRAFT_ENABLE_GRAPHQL_CACHING=false
:::
enableGraphqlIntrospection
- Type
- boolean
- Default value
true
- Since
- 3.6.0
Whether GraphQL introspection queries are allowed. Defaults to true
and is always allowed in the control panel.
::: code
->enableGraphqlIntrospection(false)
CRAFT_ENABLE_GRAPHQL_INTROSPECTION=false
:::
enableTemplateCaching
- Type
- boolean
- Default value
true
Whether to enable Craft’s template {% cache %}
tag on a global basis.
::: code
->enableTemplateCaching(false)
CRAFT_ENABLE_TEMPLATE_CACHING=false
:::
See also https://craftcms.com/docs/templating/cache
errorTemplatePrefix
- Type
- string
- Default value
''
The prefix that should be prepended to HTTP error status codes when determining the path to look for an error’s template.
If set to '_'
your site’s 404 template would live at templates/_404.twig
, for example.
::: code
->errorTemplatePrefix('_')
CRAFT_ERROR_TEMPLATE_PREFIX=_
:::
extraAllowedFileExtensions
List of file extensions that will be merged into the config4:allowedFileExtensions config setting.
::: code
->extraAllowedFileExtensions(['mbox', 'xml'])
CRAFT_EXTRA_ALLOWED_FILE_EXTENSIONS=mbox,xml
:::
See also allowedFileExtensions()
extraAppLocales
List of extra locale IDs that the application should support, and users should be able to select as their Preferred Language.
::: code
->extraAppLocales(['uk'])
CRAFT_EXTRA_APP_LOCALES=uk
:::
extraFileKinds
- Type
- array
- Default value
[]
- Since
- 3.0.37
List of additional file kinds Craft should support. This array will get merged with the one defined in \craft\helpers\Assets::_buildFileKinds()
.
->extraFileKinds([
// merge .psb into list of Photoshop file kinds
'photoshop' => [
'extensions' => ['psb'],
],
// register new "Stylesheet" file kind
'stylesheet' => [
'label' => 'Stylesheet',
'extensions' => ['css', 'less', 'pcss', 'sass', 'scss', 'styl'],
],
])
TIP
File extensions listed here won’t immediately be allowed to be uploaded. You will also need to list them with the config4:extraAllowedFileExtensions config setting.
extraLastNamePrefixes
- Type
- string[]
- Default value
[]
- Since
- 4.3.0
Any additional last name prefixes that should be supported by the name parser.
::: code
->extraLastNamePrefixes(['Dal', 'Van Der'])
CRAFT_EXTRA_LAST_NAME_PREFIXES="Dal,Van Der"
:::
extraNameSalutations
- Type
- string[]
- Default value
[]
- Since
- 4.3.0
Any additional name salutations that should be supported by the name parser.
::: code
->extraNameSalutations(['Lady', 'Sire'])
CRAFT_EXTRA_NAME_SALUTATIONS=Lady,Sire
:::
extraNameSuffixes
- Type
- string[]
- Default value
[]
- Since
- 4.3.0
Any additional name suffixes that should be supported by the name parser.
::: code
->extraNameSuffixes(['CCNA', 'OBE'])
CRAFT_EXTRA_NAME_SUFFIXES=CCNA,OBE
:::
filenameWordSeparator
The string to use to separate words when uploading assets. If set to false
, spaces will be left alone.
::: code
->filenameWordSeparator(false)
CRAFT_FILENAME_WORD_SEPARATOR=false
:::
generateTransformsBeforePageLoad
- Type
- boolean
- Default value
false
Whether image transforms should be generated before page load.
::: code
->generateTransformsBeforePageLoad(true)
CRAFT_GENERATE_TRANSFORMS_BEFORE_PAGE_LOAD=true
:::
gqlTypePrefix
- Type
- string
- Default value
''
Prefix to use for all type names returned by GraphQL.
::: code
->gqlTypePrefix('craft_')
CRAFT_GQL_TYPE_PREFIX=craft_
:::
handleCasing
- Type
- string
- Default value
self::CAMEL_CASE
- Since
- 3.6.0
The casing to use for autogenerated component handles.
headlessMode
- Type
- boolean
- Default value
false
- Since
- 3.3.0
Whether the system should run in Headless Mode, which optimizes the system and control panel for headless CMS implementations.
When this is enabled, the following changes will take place:
- Template settings for sections and category groups will be hidden.
- Template route management will be hidden.
- Front-end routing will skip checks for element and template requests.
- Front-end responses will be JSON-formatted rather than HTML by default.
- Twig will be configured to escape unsafe strings for JavaScript/JSON rather than HTML by default for front-end requests.
- The config4:loginPath, config4:logoutPath, config4:setPasswordPath, and config4:verifyEmailPath settings will be ignored.
TIP
With Headless Mode enabled, users may only set passwords and verify email addresses via the control panel. Be sure to grant “Access the control panel” permission to all content editors and administrators. You’ll also need to set the config4:baseCpUrl config setting if the control panel is located on a different domain than your front end.
::: code
->headlessMode(true)
CRAFT_HEADLESS_MODE=true
:::
httpProxy
The proxy server that should be used for outgoing HTTP requests.
This can be set to a URL (http://localhost
) or a URL plus a port (http://localhost:8125
).
::: code
->httpProxy('http://localhost')
CRAFT_HTTP_PROXY=http://localhost
:::
imageDriver
- Type
mixed
- Default value
self::IMAGE_DRIVER_AUTO
The image driver Craft should use to cleanse and transform images. By default Craft will use ImageMagick if it’s installed and otherwise fall back to GD. You can explicitly set either 'imagick'
or 'gd'
here to override that behavior.
::: code
->imageDriver('imagick')
CRAFT_IMAGE_DRIVER=imagick
:::
imageEditorRatios
- Type
- array
- Default value
[ 'Unconstrained' => 'none', 'Original' => 'original', 'Square' => 1, '16:9' => 1.78, '10:8' => 1.25, '7:5' => 1.4, '4:3' => 1.33, '5:3' => 1.67, '3:2' => 1.5, ]
An array containing the selectable image aspect ratios for the image editor. The array must be in the format of label
=> ratio
, where ratio must be a float or a string. For string values, only values of “none” and “original” are allowed.
->imageEditorRatios([
'Unconstrained' => 'none',
'Original' => 'original',
'Square' => 1,
'IMAX' => 1.9,
'Widescreen' => 1.78,
])
indexTemplateFilenames
- Type
- string[]
- Default value
[ 'index', ]
The template filenames Craft will look for within a directory to represent the directory’s “index” template when matching a template path to a file on the front end.
::: code
->indexTemplateFilenames(['index', 'default'])
CRAFT_INDEX_TEMPLATE_FILENAMES=index,default
:::
invalidLoginWindowDuration
- Type
mixed
- Default value
3600
(1 hour)
The amount of time to track invalid login attempts for a user, for determining if Craft should lock an account.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
::: code
// 1 day
->invalidLoginWindowDuration(86400)
# 1 day
CRAFT_INVALID_LOGIN_WINDOW_DURATION=86400
:::
invalidUserTokenPath
- Type
mixed
- Default value
''
The URI Craft should redirect to when user token validation fails. A token is used on things like setting and resetting user account passwords. Note that this only affects front-end site requests.
See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.
::: code
// 1 day
->invalidUserTokenPath('nope')
# 1 day
CRAFT_INVALID_USER_TOKEN_PATH=nope
:::
See also getInvalidUserTokenPath()
ipHeaders
List of headers where proxies store the real client IP.
See yii\web\Request::$ipHeaders for more details.
If not set, the default craft\web\Request::$ipHeaders value will be used.
::: code
->ipHeaders(['X-Forwarded-For', 'CF-Connecting-IP'])
CRAFT_IP_HEADERS=X-Forwarded-For,CF-Connecting-IP
:::
isSystemLive
Whether the site is currently live. If set to true
or false
, it will take precedence over the System Status setting in Settings → General.
::: code
->isSystemLive(true)
CRAFT_IS_SYSTEM_LIVE=true
:::
lazyGqlTypes
- Type
- boolean
- Default value
false
- Since
- 4.11.0
Whether GraphQL types should be generated lazily.
::: code
->lazyGqlTypes(true)
CRAFT_LAZY_GQL_TYPES=true
:::
limitAutoSlugsToAscii
- Type
- boolean
- Default value
false
Whether non-ASCII characters in auto-generated slugs should be converted to ASCII (i.e. ñ → n).
TIP
This only affects the JavaScript auto-generated slugs. Non-ASCII characters can still be used in slugs if entered manually.
::: code
->limitAutoSlugsToAscii(true)
CRAFT_LIMIT_AUTO_SLUGS_TO_ASCII=true
:::
loginPath
- Type
mixed
- Default value
'login'
The URI Craft should use for user login on the front end.
This can be set to false
to disable front-end login.
Note that this config setting is ignored when config4:headlessMode is enabled.
See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.
::: code
->loginPath(false)
CRAFT_LOGIN_PATH=false
:::
See also getLoginPath()
logoutPath
- Type
mixed
- Default value
'logout'
The URI Craft should use for user logout on the front end.
This can be set to false
to disable front-end logout.
Note that this config setting is ignored when config4:headlessMode is enabled.
See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.
::: code
->logoutPath(false)
CRAFT_LOGOUT_PATH=false
:::
See also getLogoutPath()
maxBackups
The number of backups Craft should make before it starts deleting the oldest backups. If set to false
, Craft will not delete any backups.
::: code
->maxBackups(5)
CRAFT_MAX_BACKUPS=5
:::
maxCachedCloudImageSize
- Type
- integer
- Default value
2000
The maximum dimension size to use when caching images from external sources to use in transforms. Set to 0
to never cache them.
::: code
->maxCachedCloudImageSize(0)
CRAFT_MAX_CACHED_CLOUD_IMAGE_SIZE=0
:::
maxGraphqlBatchSize
- Type
- integer
- Default value
0
- Since
- 4.5.5
The maximum allowed GraphQL queries that can be executed in a single batched request. Set to 0
to allow any number of queries.
::: code
->maxGraphqlBatchSize(5)
CRAFT_MAX_GRAPHQL_BATCH_SIZE=5
:::
maxGraphqlComplexity
- Type
- integer
- Default value
0
- Since
- 3.6.0
The maximum allowed complexity a GraphQL query is allowed to have. Set to 0
to allow any complexity.
::: code
->maxGraphqlComplexity(500)
CRAFT_MAX_GRAPHQL_COMPLEXITY=500
:::
maxGraphqlDepth
- Type
- integer
- Default value
0
- Since
- 3.6.0
The maximum allowed depth a GraphQL query is allowed to reach. Set to 0
to allow any depth.
::: code
->maxGraphqlDepth(5)
CRAFT_MAX_GRAPHQL_DEPTH=5
:::
maxGraphqlResults
- Type
- integer
- Default value
0
- Since
- 3.6.0
The maximum allowed results for a single GraphQL query. Set to 0
to disable any limits.
::: code
->maxGraphqlResults(100)
CRAFT_MAX_GRAPHQL_RESULTS=100
:::
maxInvalidLogins
The number of invalid login attempts Craft will allow within the specified duration before the account gets locked.
::: code
->maxInvalidLogins(3)
CRAFT_MAX_INVALID_LOGINS=3
:::
maxRevisions
The maximum number of revisions that should be stored for each element.
Set to 0
if you want to store an unlimited number of revisions.
::: code
->maxRevisions(25)
CRAFT_MAX_REVISIONS=25
:::
maxSlugIncrement
- Type
- integer
- Default value
100
The highest number Craft will tack onto a slug in order to make it unique before giving up and throwing an error.
::: code
->maxSlugIncrement(10)
CRAFT_MAX_SLUG_INCREMENT=10
:::
maxUploadFileSize
The maximum upload file size allowed.
See craft\helpers\ConfigHelper::sizeInBytes() for a list of supported value types.
::: code
// 25MB
->maxUploadFileSize(26214400)
# 25MB
CRAFT_MAX_UPLOAD_FILE_SIZE=26214400
:::
omitScriptNameInUrls
- Type
- boolean
- Default value
false
Whether generated URLs should omit index.php
(e.g. http://my-project.tld/path
instead of http://my-project.tld/index.php/path
)
This can only be possible if your server is configured to redirect would-be 404s to index.php
, for example, with the redirect found in the .htaccess
file that came with Craft:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.+) /index.php?p=$1 [QSA,L]
::: code
->omitScriptNameInUrls(true)
CRAFT_OMIT_SCRIPT_NAME_IN_URLS=true
:::
TIP
Even when this is set to true
, the script name could still be included in some action URLs. If you want to ensure that index.php
is fully omitted from all generated URLs, set the config4:pathParam config setting to null
.
optimizeImageFilesize
- Type
- boolean
- Default value
true
Whether Craft should optimize images for reduced file sizes without noticeably reducing image quality. (Only supported when ImageMagick is used.)
::: code
->optimizeImageFilesize(false)
CRAFT_OPTIMIZE_IMAGE_FILESIZE=false
:::
See also imageDriver()
pageTrigger
- Type
- string
- Default value
'p'
The string preceding a number which Craft will look for when determining if the current request is for a particular page in a paginated list of pages.
Example Value | Example URI |
---|---|
p | /news/p5 |
page | /news/page5 |
page/ | /news/page/5 |
?page | /news?page=5 |
TIP
If you want to set this to ?p
(e.g. /news?p=5
), you’ll also need to change your config4:pathParam setting which defaults to p
. If your server is running Apache, you’ll need to update the redirect code in your .htaccess
file to match your new pathParam
value.
::: code
->pageTrigger('page')
CRAFT_PAGE_TRIGGER=page
:::
See also getPageTrigger()
passwordPath
- Type
mixed
- Default value
null
- Access
- Write-only
- Since
- 4.2.0
passwordRequestPath
- Type
mixed
- Default value
null
- Access
- Write-only
- Since
- 4.2.0
passwordSuccessPath
- Type
mixed
- Default value
null
- Access
- Write-only
- Since
- 4.2.0
pathParam
The query string param that Craft will check when determining the request’s path.
This can be set to null
if your web server is capable of directing traffic to index.php
without a query string param. If you’re using Apache, that means you’ll need to change the RewriteRule
line in your .htaccess
file to:
RewriteRule (.+) index.php [QSA,L]
::: code
->pathParam(null)
CRAFT_PATH_PARAM=
:::
permissionsPolicyHeader
DEPRECATED
Deprecated in 4.11.0. craft\filters\Headers should be used instead.
The Permissions-Policy
header that should be sent for site responses.
::: code
->permissionsPolicyHeader('Permissions-Policy: geolocation=(self)')
CRAFT_PERMISSIONS_POLICY_HEADER=Permissions-Policy: geolocation=(self)
:::
phpMaxMemoryLimit
The maximum amount of memory Craft will try to reserve during memory-intensive operations such as zipping, unzipping and updating. Defaults to an empty string, which means it will use as much memory as it can.
See https://php.net/manual/en/faq.using.php#faq.using.shorthandbytes for a list of acceptable values.
::: code
->phpMaxMemoryLimit('512M')
CRAFT_PHP_MAX_MEMORY_LIMIT=512M
:::
phpSessionName
- Type
- string
- Default value
'CraftSessionId'
The name of the PHP session cookie.
::: code
->phpSessionName(null)
CRAFT_PHP_SESSION_NAME=
:::
See also https://php.net/manual/en/function.session-name.php
postCpLoginRedirect
- Type
mixed
- Default value
'dashboard'
The path users should be redirected to after logging into the control panel.
This setting will also come into effect if a user visits the control panel’s login page (/admin/login
) or the control panel’s root URL (/admin
) when they are already logged in.
See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.
::: code
->postCpLoginRedirect('entries')
CRAFT_POST_CP_LOGIN_REDIRECT=entries
:::
See also getPostCpLoginRedirect()
postLoginRedirect
- Type
mixed
- Default value
''
The path users should be redirected to after logging in from the front-end site.
This setting will also come into effect if the user visits the login page (as specified by the config4:loginPath config setting) when they are already logged in.
See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.
::: code
->postLoginRedirect('welcome')
CRAFT_POST_LOGIN_REDIRECT=welcome
:::
See also getPostLoginRedirect()
postLogoutRedirect
- Type
mixed
- Default value
''
The path that users should be redirected to after logging out from the front-end site.
See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.
::: code
->postLogoutRedirect('goodbye')
CRAFT_POST_LOGOUT_REDIRECT=goodbye
:::
See also getPostLogoutRedirect()
prefixGqlRootTypes
- Type
- boolean
- Default value
true
- Since
- 3.6.6
Whether the config4:gqlTypePrefix config setting should have an impact on query
, mutation
, and subscription
types.
::: code
->prefixGqlRootTypes(false)
CRAFT_PREFIX_GQL_ROOT_TYPES=false
:::
preloadSingles
- Type
- boolean
- Default value
false
- Since
- 4.4.0
Whether Single section entries should be preloaded for Twig templates.
When enabled, Craft will make an educated guess on which Singles should be preloaded for each template based on the variable names that are referenced.
WARNING
You will need to clear your compiled templates from the Caches utility before this setting will take effect.
::: code
->preloadSingles()
CRAFT_PRELOAD_SINGLES=true
:::
preserveCmykColorspace
- Type
- boolean
- Default value
false
- Since
- 3.0.8
Whether CMYK should be preserved as the colorspace when manipulating images.
Setting this to true
will prevent Craft from transforming CMYK images to sRGB, but on some ImageMagick versions it can cause image color distortion. This will only have an effect if ImageMagick is in use.
::: code
->preserveCmykColorspace(true)
CRAFT_PRESERVE_CMYK_COLORSPACE=true
:::
preserveExifData
- Type
- boolean
- Default value
false
Whether the EXIF data should be preserved when manipulating and uploading images.
Setting this to true
will result in larger image file sizes.
This will only have effect if ImageMagick is in use.
::: code
->preserveExifData(true)
CRAFT_PRESERVE_EXIF_DATA=true
:::
preserveImageColorProfiles
- Type
- boolean
- Default value
true
Whether the embedded Image Color Profile (ICC) should be preserved when manipulating images.
Setting this to false
will reduce the image size a little bit, but on some ImageMagick versions can cause images to be saved with an incorrect gamma value, which causes the images to become very dark. This will only have effect if ImageMagick is in use.
::: code
->preserveImageColorProfiles(false)
CRAFT_PRESERVE_IMAGE_COLOR_PROFILES=false
:::
preventUserEnumeration
- Type
- boolean
- Default value
false
When true
, Craft will always return a successful response in the “forgot password” flow, making it difficult to enumerate users.
When set to false
and you go through the “forgot password” flow from the control panel login page, you’ll get distinct messages indicating whether the username/email exists and whether an email was sent with further instructions. This can be helpful for the user attempting to log in but allow for username/email enumeration based on the response.
::: code
->preventUserEnumeration(true)
CRAFT_PREVENT_USER_ENUMERATION=true
:::
previewIframeResizerOptions
- Type
- array
- Default value
[]
- Since
- 3.5.0
Custom iFrame Resizer options that should be used for preview iframes.
->previewIframeResizerOptions([
'autoResize' => false,
])
previewTokenDuration
- Type
mixed
- Default value
null
(1 day)- Since
- 3.7.0
The amount of time content preview tokens can be used before expiring.
Defaults to config4:defaultTokenDuration value.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
::: code
// 1 hour
->previewTokenDuration(3600)
# 1 hour
CRAFT_PREVIEW_TOKEN_DURATION=3600
:::
privateTemplateTrigger
- Type
- string
- Default value
'_'
The template path segment prefix that should be used to identify “private” templates, which are templates that are not directly accessible via a matching URL.
Set to an empty value to disable public template routing.
::: code
->privateTemplateTrigger('')
CRAFT_PRIVATE_TEMPLATE_TRIGGER=
:::
purgePendingUsersDuration
- Type
mixed
- Default value
0
The amount of time to wait before Craft purges pending users from the system that have not activated.
Any content assigned to a pending user will be deleted as well when the given time interval passes.
Set to 0
to disable this feature.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
TIP
Users will only be purged when garbage collection is run.
::: code
// 2 weeks
->purgePendingUsersDuration(1209600)
# 2 weeks
CRAFT_PURGE_PENDING_USERS_DURATION=1209600
:::
purgeStaleUserSessionDuration
- Type
mixed
- Default value
7776000
(90 days)- Since
- 3.3.0
The amount of time to wait before Craft purges stale user sessions from the sessions table in the database.
Set to 0
to disable this feature.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
::: code
// 1 week
->purgeStaleUserSessionDuration(604800)
# 1 week
CRAFT_PURGE_STALE_USER_SESSION_DURATION=604800
:::
purgeUnsavedDraftsDuration
- Type
mixed
- Default value
2592000
(30 days)- Since
- 3.2.0
The amount of time to wait before Craft purges unpublished drafts that were never updated with content.
Set to 0
to disable this feature.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
::: code
->purgeUnsavedDraftsDuration(0)
CRAFT_PURGE_UNSAVED_DRAFTS_DURATION=0
:::
rasterizeSvgThumbs
- Type
- boolean
- Default value
false
- Since
- 3.6.0
Whether SVG thumbnails should be rasterized.
This will only work if ImageMagick is installed, and config4:imageDriver is set to either auto
or imagick
.
::: code
->rasterizeSvgThumbs(true)
CRAFT_RASTERIZE_SVG_THUMBS=true
:::
rememberUsernameDuration
- Type
mixed
- Default value
31536000
(1 year)
The amount of time Craft will remember a username and pre-populate it on the control panel’s Login page.
Set to 0
to disable this feature altogether.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
::: code
->rememberUsernameDuration(0)
CRAFT_REMEMBER_USERNAME_DURATION=0
:::
rememberedUserSessionDuration
- Type
mixed
- Default value
1209600
(14 days)
The amount of time a user stays logged if “Remember Me” is checked on the login page.
Set to 0
to disable the “Remember Me” feature altogether.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
::: code
->rememberedUserSessionDuration(0)
CRAFT_REMEMBERED_USER_SESSION_DURATION=0
:::
requireMatchingUserAgentForSession
- Type
- boolean
- Default value
true
Whether Craft should require a matching user agent string when restoring a user session from a cookie.
::: code
->requireMatchingUserAgentForSession(false)
CRAFT_REQUIRE_MATCHING_USER_AGENT_FOR_SESSION=false
:::
requireUserAgentAndIpForSession
- Type
- boolean
- Default value
true
Whether Craft should require the existence of a user agent string and IP address when creating a new user session.
::: code
->requireUserAgentAndIpForSession(false)
CRAFT_REQUIRE_USER_AGENT_AND_IP_FOR_SESSION=false
:::
resourceBasePath
- Type
- string
- Default value
'@webroot/cpresources'
The path to the root directory that should store published control panel resources.
::: code
->resourceBasePath('@webroot/craft-resources')
CRAFT_RESOURCE_BASE_PATH=@webroot/craft-resources
:::
resourceBaseUrl
- Type
- string
- Default value
'@web/cpresources'
The URL to the root directory that should store published control panel resources.
::: code
->resourceBaseUrl('@web/craft-resources')
CRAFT_RESOURCE_BASE_URL=@web/craft-resources
:::
restoreCommand
The shell command Craft should execute to restore a database backup.
By default Craft will run mysql
or psql
, provided those libraries are in the $PATH
variable for the user the web server is running as.
There are several tokens you can use that Craft will swap out at runtime:
{path}
- the backup file path{port}
- the current database port{server}
- the current database hostname{user}
- the user to connect to the database{database}
- the current database name{schema}
- the current database schema (if any)
This can also be set to false
to disable database restores completely.
::: code
->restoreCommand(false)
CRAFT_RESTORE_COMMAND=false
:::
revAssetUrls
- Type
- boolean
- Default value
false
- Since
- 3.7.0
Whether asset URLs should be revved so browsers don’t load cached versions when they’re modified.
::: code
->revAssetUrls(true)
CRAFT_REV_ASSET_URLS=true
:::
rotateImagesOnUploadByExifData
- Type
- boolean
- Default value
true
Whether Craft should rotate images according to their EXIF data on upload.
::: code
->rotateImagesOnUploadByExifData(false)
CRAFT_ROTATE_IMAGES_ON_UPLOAD_BY_EXIF_DATA=false
:::
runQueueAutomatically
- Type
- boolean
- Default value
true
Whether Craft should run pending queue jobs automatically when someone visits the control panel.
If disabled, an alternate queue worker must be set up separately, either as an always-running daemon, or a cron job that runs the queue/run
command every minute:
** * * * * /path/to/project/craft queue/run
TIP
This setting should be disabled for servers running Win32, or with Apache’s mod_deflate/mod_gzip installed, where PHP’s flush() method won’t work.
::: code
->runQueueAutomatically(false)
CRAFT_RUN_QUEUE_AUTOMATICALLY=false
:::
safeMode
- Type
- boolean
- Default value
false
- Since
- 4.9.0
Whether the system should run in Safe Mode.
Safe Mode disables all plugins and application config that can alter Craft's expected default behavior.
::: code
->safeMode(true)
CRAFT_SAFE_MODE=true
:::
sameSiteCookieValue
The SameSite value that should be set on Craft cookies, if any.
sanitizeCpImageUploads
- Type
- boolean
- Default value
true
- Since
- 3.6.0
Whether images uploaded via the control panel should be sanitized.
::: code
->sanitizeCpImageUploads(false)
CRAFT_SANITIZE_CP_IMAGE_UPLOADS=false
:::
sanitizeSvgUploads
- Type
- boolean
- Default value
true
Whether Craft should sanitize uploaded SVG files and strip out potential malicious-looking content.
This should definitely be enabled if you are accepting SVG uploads from untrusted sources.
::: code
->sanitizeSvgUploads(false)
CRAFT_SANITIZE_SVG_UPLOADS=false
:::
secureHeaders
Lists of headers that are, by default, subject to the trusted host configuration.
See yii\web\Request::$secureHeaders for more details.
If not set, the default yii\web\Request::$secureHeaders value will be used.
::: code
->secureHeaders([
'X-Forwarded-For',
'X-Forwarded-Host',
'X-Forwarded-Proto',
'X-Rewrite-Url',
'X-Original-Host',
'CF-Connecting-IP',
])
CRAFT_SECURE_HEADERS=X-Forwarded-For,X-Forwarded-Host,X-Forwarded-Proto,X-Rewrite-Url,X-Original-Host,CF-Connecting-IP
:::
secureProtocolHeaders
List of headers to check for determining whether the connection is made via HTTPS.
See yii\web\Request::$secureProtocolHeaders for more details.
If not set, the default yii\web\Request::$secureProtocolHeaders value will be used.
->secureProtocolHeaders([
'X-Forwarded-Proto' => [
'https',
],
'Front-End-Https' => [
'on',
],
'CF-Visitor' => [
'{\"scheme\":\"https\"}',
],
])
securityKey
- Type
- string
- Default value
''
A private, random, cryptographically-secure key that is used for hashing and encrypting data in craft\services\Security.
This value should be the same across all environments. If this key ever changes, any data that was encrypted with it will be inaccessible.
->securityKey('2cf24dba5...')
sendContentLengthHeader
- Type
- boolean
- Default value
false
- Since
- 3.7.3
Whether a Content-Length
header should be sent with responses.
::: code
->sendContentLengthHeader(true)
CRAFT_SEND_CONTENT_LENGTH_HEADER=true
:::
sendPoweredByHeader
- Type
- boolean
- Default value
true
Whether an X-Powered-By: Craft CMS
header should be sent, helping services like BuiltWith and Wappalyzer identify that the site is running on Craft.
::: code
->sendPoweredByHeader(false)
CRAFT_SEND_POWERED_BY_HEADER=false
:::
setGraphqlDatesToSystemTimeZone
- Type
- boolean
- Default value
false
- Since
- 3.7.0
Whether dates returned by the GraphQL API should be set to the system time zone by default, rather than UTC.
::: code
->setGraphqlDatesToSystemTimeZone(true)
CRAFT_SET_GRAPHQL_DATES_TO_SYSTEM_TIMEZONE=true
:::
setPasswordPath
- Type
mixed
- Default value
'setpassword'
The URI or URL that Craft should use for Set Password forms on the front end.
This setting is ignored when config4:headlessMode is enabled, unless it’s set to an absolute URL.
See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.
TIP
You might also want to set config4:invalidUserTokenPath in case a user clicks on an expired password reset link.
::: code
->setPasswordPath('set-password')
CRAFT_SET_PASSWORD_PATH=set-password
:::
See also getSetPasswordPath()
setPasswordRequestPath
- Type
mixed
- Default value
null
- Since
- 3.5.14
The URI to the page where users can request to change their password.
See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.
If this is set, Craft will redirect .well-known/change-password requests to this URI.
TIP
You’ll also need to set setPasswordPath, which determines the URI and template path for the Set Password form where the user resets their password after following the link in the Password Reset email.
::: code
->setPasswordRequestPath('request-password')
CRAFT_SET_PASSWORD_REQUEST_PATH=request-password
:::
See also getSetPasswordRequestPath()
setPasswordSuccessPath
- Type
mixed
- Default value
''
The URI Craft should redirect users to after setting their password from the front end.
See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.
::: code
->setPasswordSuccessPath('password-set')
CRAFT_SET_PASSWORD_SUCCESS_PATH=password-set
:::
See also getSetPasswordSuccessPath()
showFirstAndLastNameFields
- Type
- boolean
- Default value
false
- Since
- 4.6.0
Whether “First Name” and “Last Name” fields should be shown in place of “Full Name” fields.
::: code
->showFirstAndLastNameFields()
CRAFT_SHOW_FIRST_AND_LAST_NAME_FIELDS=true
:::
siteToken
- Type
- string
- Default value
'siteToken'
- Since
- 3.5.0
The query string parameter name that site tokens should be set to.
::: code
->siteToken('t')
CRAFT_SITE_TOKEN=t
:::
slugWordSeparator
- Type
- string
- Default value
'-'
The character(s) that should be used to separate words in slugs.
::: code
->slugWordSeparator('.')
CRAFT_SLUG_WORD_SEPARATOR=.
:::
softDeleteDuration
- Type
mixed
- Default value
2592000
(30 days)- Since
- 3.1.0
The amount of time before a soft-deleted item will be up for hard-deletion by garbage collection.
Set to 0
if you don’t ever want to delete soft-deleted items.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
::: code
->softDeleteDuration(0)
CRAFT_SOFT_DELETE_DURATION=0
:::
storeUserIps
- Type
- boolean
- Default value
false
- Since
- 3.1.0
Whether user IP addresses should be stored/logged by the system.
::: code
->storeUserIps(true)
CRAFT_STORE_USER_IPS=true
:::
testToEmailAddress
Configures Craft to send all system emails to either a single email address or an array of email addresses for testing purposes.
By default, the recipient name(s) will be “Test Recipient”, but you can customize that by setting the value with the format ['me@domain.tld' => 'Name']
.
::: code
->testToEmailAddress('me@domain.tld')
CRAFT_TEST_TO_EMAIL_ADDRESS=me@domain.tld
:::
timezone
The timezone of the site. If set, it will take precedence over the Timezone setting in Settings → General.
This can be set to one of PHP’s supported timezones.
::: code
->timezone('Europe/London')
CRAFT_TIMEZONE=Europe/London
:::
tokenParam
- Type
- string
- Default value
'token'
The query string parameter name that Craft tokens should be set to.
::: code
->tokenParam('t')
CRAFT_TOKEN_PARAM=t
:::
transformGifs
- Type
- boolean
- Default value
true
- Since
- 3.0.7
Whether GIF files should be cleansed/transformed.
::: code
->transformGifs(false)
CRAFT_TRANSFORM_GIFS=false
:::
transformSvgs
- Type
- boolean
- Default value
true
- Since
- 3.7.1
Whether SVG files should be transformed.
::: code
->transformSvgs(false)
CRAFT_TRANSFORM_SVGS=false
:::
translationDebugOutput
- Type
- boolean
- Default value
false
Whether translated messages should be wrapped in special characters to help find any strings that are not being run through Craft::t()
or the |translate
filter.
::: code
->translationDebugOutput(true)
CRAFT_TRANSLATION_DEBUG_OUTPUT=true
:::
trustedHosts
- Type
- array
- Default value
[ 'any', ]
The configuration for trusted security-related headers.
See yii\web\Request::$trustedHosts for more details.
By default, all hosts are trusted.
::: code
->trustedHosts(['trusted-one.foo', 'trusted-two.foo'])
CRAFT_TRUSTED_HOSTS=trusted-one.foo,trusted-two.foo
:::
upscaleImages
- Type
- boolean
- Default value
true
- Since
- 3.4.0
Whether image transforms should allow upscaling by default, for images that are smaller than the transform dimensions.
::: code
->upscaleImages(false)
CRAFT_UPSCALE_IMAGES=false
:::
useEmailAsUsername
- Type
- boolean
- Default value
false
Whether Craft should set users’ usernames to their email addresses, rather than let them set their username separately.
If you enable this setting after user accounts already exist, run this terminal command to update existing usernames:
php craft utils/update-usernames
::: code
->useEmailAsUsername(true)
CRAFT_USE_EMAIL_AS_USERNAME=true
:::
useFileLocks
Whether to grab an exclusive lock on a file when writing to it by using the LOCK_EX
flag.
Some file systems, such as NFS, do not support exclusive file locking.
If null
, Craft will try to detect if the underlying file system supports exclusive file locking and cache the results.
::: code
->useFileLocks(false)
CRAFT_USE_FILE_LOCKS=false
:::
See also https://php.net/manual/en/function.file-put-contents.php
useIframeResizer
- Type
- boolean
- Default value
false
- Since
- 3.5.5
Whether iFrame Resizer options should be used for Live Preview.
Using iFrame Resizer makes it possible for Craft to retain the preview’s scroll position between page loads, for cross-origin web pages.
It works by setting the height of the iframe to match the height of the inner web page, and the iframe’s container will be scrolled rather than the iframe document itself. This can lead to some unexpected CSS issues, however, because the previewed viewport height will be taller than the visible portion of the iframe.
If you have a decoupled front end, you will need to include iframeResizer.contentWindow.min.js on your page as well for this to work. You can conditionally include it for only Live Preview requests by checking if the requested URL contains a x-craft-live-preview
query string parameter.
TIP
You can customize the behavior of iFrame Resizer via the config4:previewIframeResizerOptions config setting.
::: code
->useIframeResizer(true)
CRAFT_USE_IFRAME_RESIZER=true
:::
usePathInfo
- Type
- boolean
- Default value
false
Whether Craft should specify the path using PATH_INFO
or as a query string parameter when generating URLs.
This setting only takes effect if config4:omitScriptNameInUrls is set to false
.
::: code
->usePathInfo(true)
CRAFT_USE_PATH_INFO=true
:::
useSecureCookies
Whether Craft will set the “secure” flag when saving cookies when using Craft::cookieConfig()
to create a cookie.
Valid values are true
, false
, and 'auto'
. Defaults to 'auto'
, which will set the secure flag if the page you’re currently accessing is over https://
. true
will always set the flag, regardless of protocol and false
will never automatically set the flag.
::: code
->useSecureCookies(true)
CRAFT_USE_SECURE_COOKIES=true
:::
useSslOnTokenizedUrls
Determines what protocol/schema Craft will use when generating tokenized URLs. If set to 'auto'
, Craft will check the current site’s base URL and the protocol of the current request and if either of them are HTTPS will use https
in the tokenized URL. If not, will use http
.
If set to false
, Craft will always use http
. If set to true
, then, Craft will always use https
.
::: code
->useSslOnTokenizedUrls(true)
CRAFT_USE_SSL_ON_TOKENIZED_URLS=true
:::
userSessionDuration
- Type
mixed
- Default value
3600
(1 hour)
The amount of time before a user will get logged out due to inactivity.
Set to 0
if you want users to stay logged in as long as their browser is open rather than a predetermined amount of time.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
::: code
// 3 hours
->userSessionDuration(10800)
# 3 hours
CRAFT_USER_SESSION_DURATION=10800
:::
verificationCodeDuration
- Type
mixed
- Default value
86400
(1 day)
The amount of time a user verification code can be used before expiring.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
::: code
// 1 hour
->verificationCodeDuration(3600)
# 1 hour
CRAFT_VERIFICATION_CODE_DURATION=3600
:::
verifyEmailPath
- Type
mixed
- Default value
'verifyemail'
- Since
- 3.4.0
The URI or URL that Craft should use for email verification links on the front end.
This setting is ignored when config4:headlessMode is enabled, unless it’s set to an absolute URL.
See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.
::: code
->verifyEmailPath('verify-email')
CRAFT_VERIFY_EMAIL_PATH=verify-email
:::
See also getVerifyEmailPath()
verifyEmailSuccessPath
- Type
mixed
- Default value
''
- Since
- 3.1.20
The URI that users without access to the control panel should be redirected to after verifying a new email address.
See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.
::: code
->verifyEmailSuccessPath('verified-email')
CRAFT_VERIFY_EMAIL_SUCCESS_PATH=verified-email
:::
See also getVerifyEmailSuccessPath()
Protected Properties
Property | Description |
---|---|
filename | string, null – The config filename |
renamedSettings |
filename
The config filename
renamedSettings
- Default value
[ 'activateAccountFailurePath' => 'invalidUserTokenPath', 'allowAutoUpdates' => 'allowUpdates', 'backupDbOnUpdate' => 'backupOnUpdate', 'defaultFilePermissions' => 'defaultFileMode', 'defaultFolderPermissions' => 'defaultDirMode', 'enableGraphQlCaching' => 'enableGraphqlCaching', 'environmentVariables' => 'aliases', 'isSystemOn' => 'isSystemLive', 'restoreDbOnUpdateFailure' => 'restoreOnUpdateFailure', 'useWriteFileLock' => 'useFileLocks', 'validationKey' => 'securityKey', ]
Public Methods
Method | Description |
---|---|
__call() | Calls the named method which is not a class method. |
__clone() | This method is called after the object is created by cloning an existing one. |
__construct() | |
__get() | Returns the value of a component property. |
__isset() | Checks if a property is set, i.e. defined and not null. |
__set() | Sets the value of a component property. |
__unset() | Sets a component property to be null. |
accessibilityDefaults() | The default user accessibility preferences that should be applied to users that haven’t saved their preferences yet. |
actionTrigger() | The URI segment Craft should look for when determining if the current request should be routed to a controller action. |
activateAccountSuccessPath() | The URI that users without access to the control panel should be redirected to after activating their account. |
activeAttributes() | Returns the attribute names that are subject to validation in the current scenario. |
addAlias() | Adds a custom Yii alias that should be defined for every request. |
addError() | Adds a new error to the specified attribute. |
addErrors() | Adds a list of errors. |
addModelErrors() | Adds errors from another model, with a given attribute name prefix. |
addTrailingSlashesToUrls() | Whether auto-generated URLs should have trailing slashes. |
afterValidate() | This method is invoked after validation ends. |
aliases() | Any custom Yii aliases that should be defined for every request. |
allowAdminChanges() | Whether admins should be allowed to make administrative changes to the system. |
allowSimilarTags() | Whether users should be allowed to create similarly-named tags. |
allowUpdates() | Whether Craft should allow system and plugin updates in the control panel, and plugin installation from the Plugin Store. |
allowUppercaseInSlug() | Whether uppercase letters should be allowed in slugs. |
allowedFileExtensions() | The file extensions Craft should allow when a user is uploading files. |
allowedGraphqlOrigins() | The Ajax origins that should be allowed to access the GraphQL API, if enabled. |
asyncCsrfInputs() | Whether CSRF values should be injected via JavaScript for greater cache-ability. |
attachBehavior() | Attaches a behavior to this component. |
attachBehaviors() | Attaches a list of behaviors to the component. |
attributeHints() | Returns the attribute hints. |
attributeLabels() | Returns the attribute labels. |
attributes() | Returns the list of attribute names. |
autoLoginAfterAccountActivation() | Whether users should automatically be logged in after activating their account or resetting their password. |
backupCommand() | The shell command that Craft should execute to create a database backup. |
backupCommandFormat() | The output format that database backups should use (PostgreSQL only). |
backupOnUpdate() | Whether Craft should create a database backup before applying a new system update. |
baseCpUrl() | The base URL Craft should use when generating control panel URLs. |
beforeValidate() | This method is invoked before validation starts. |
behaviors() | Returns a list of behaviors that this component should behave as. |
blowfishHashCost() | The higher the cost value, the longer it takes to generate a password hash and to verify against it. |
brokenImagePath() | The server path to an image file that should be sent when responding to an image request with a 404 status code. |
buildId() | A unique ID representing the current build of the codebase. |
cacheDuration() | The default length of time Craft will store data, RSS feed, and template caches. |
canGetProperty() | Returns a value indicating whether a property can be read. |
canSetProperty() | Returns a value indicating whether a property can be set. |
className() | Returns the fully qualified name of this class. |
clearErrors() | Removes errors for all attributes or a single attribute. |
convertFilenamesToAscii() | Whether uploaded filenames with non-ASCII characters should be converted to ASCII (i.e. ñ → n ). |
cooldownDuration() | The amount of time a user must wait before re-attempting to log in after their account is locked due to too many failed login attempts. |
cpHeadTags() | List of additional HTML tags that should be included in the <head> of control panel pages. |
cpTrigger() | The URI segment Craft should look for when determining if the current request should route to the control panel rather than the front-end website. |
create() | Factory method for creating new config objects. |
createValidators() | Creates validator objects based on the validation rules specified in rules(). |
csrfTokenName() | The name of CSRF token used for CSRF validation if config4:enableCsrfProtection is set to true . |
datetimeAttributes() | Returns the names of any attributes that should hold DateTime values. |
defaultCookieDomain() | The domain that cookies generated by Craft should be created for. If blank, it will be left up to the browser to determine which domain to use (almost always the current). If you want the cookies to work for all subdomains, for example, you could set this to '.my-project.tld' . |
defaultCountryCode() | The two-letter country code that addresses will be set to by default. |
defaultCpLanguage() | The default language the control panel should use for users who haven’t set a preferred language yet. |
defaultCpLocale() | The default locale the control panel should use for date/number formatting, for users who haven’t set a preferred language or formatting locale. |
defaultDirMode() | The default permission to be set for newly-generated directories. |
defaultFileMode() | The default permission to be set for newly-generated files. |
defaultImageQuality() | The quality level Craft will use when saving JPG and PNG files. Ranges from 1 (worst quality, smallest file) to 100 (best quality, biggest file). |
defaultSearchTermOptions() | The default options that should be applied to each search term. |
defaultTemplateExtensions() | The template file extensions Craft will look for when matching a template path to a file on the front end. |
defaultTokenDuration() | The default amount of time tokens can be used before expiring. |
defaultWeekStartDay() | The default day new users should have set as their Week Start Day. |
deferPublicRegistrationPassword() | By default, Craft requires a front-end “password” field for public user registrations. Setting this to true removes that requirement for the initial registration form. |
detachBehavior() | Detaches a behavior from the component. |
detachBehaviors() | Detaches all behaviors from the component. |
devMode() | Whether the system should run in Dev Mode. |
disableGraphqlTransformDirective() | Whether the transform directive should be disabled for the GraphQL API. |
disabledPlugins() | Array of plugin handles that should be disabled, regardless of what the project config says. |
disabledUtilities() | Array of utility IDs that should be disabled. |
disallowRobots() | Whether front end requests should respond with X-Robots-Tag: none HTTP headers, indicating that pages should not be indexed, and links on the page should not be followed, by web crawlers. |
elevatedSessionDuration() | The amount of time a user’s elevated session will last, which is required for some sensitive actions (e.g. user group/permission assignment). |
enableBasicHttpAuth() | Whether front-end web requests should support basic HTTP authentication. |
enableCsrfCookie() | Whether to use a cookie to persist the CSRF token if config4:enableCsrfProtection is enabled. If false, the CSRF token will be stored in session under the csrfTokenName config setting name. Note that while storing CSRF tokens in session increases security, it requires starting a session for every page that a CSRF token is needed, which may degrade site performance. |
enableCsrfProtection() | Whether to enable CSRF protection via hidden form inputs for all forms submitted via Craft. |
enableGql() | Whether the GraphQL API should be enabled. |
enableGraphqlCaching() | Whether Craft should cache GraphQL queries. |
enableGraphqlIntrospection() | Whether GraphQL introspection queries are allowed. Defaults to true and is always allowed in the control panel. |
enableTemplateCaching() | Whether to enable Craft’s template {% cache %} tag on a global basis. |
ensureBehaviors() | Makes sure that the behaviors declared in behaviors() are attached to this component. |
errorTemplatePrefix() | The prefix that should be prepended to HTTP error status codes when determining the path to look for an error’s template. |
extraAllowedFileExtensions() | List of file extensions that will be merged into the config4:allowedFileExtensions config setting. |
extraAppLocales() | List of extra locale IDs that the application should support, and users should be able to select as their Preferred Language. |
extraFields() | Returns the list of fields that can be expanded further and returned by toArray(). |
extraFileKinds() | List of additional file kinds Craft should support. This array will get merged with the one defined in \craft\helpers\Assets::_buildFileKinds() . |
extraLastNamePrefixes() | Any additional last name prefixes that should be supported by the name parser. |
extraNameSalutations() | Any additional name salutations that should be supported by the name parser. |
extraNameSuffixes() | Any additional name suffixes that should be supported by the name parser. |
fields() | Returns the list of fields that should be returned by default by toArray() when no specific fields are specified. |
filenameWordSeparator() | The string to use to separate words when uploading assets. If set to false , spaces will be left alone. |
formName() | Returns the form name that this model class should use. |
generateAttributeLabel() | Generates a user friendly attribute label based on the give attribute name. |
generateTransformsBeforePageLoad() | Whether image transforms should be generated before page load. |
getActivateAccountSuccessPath() | Returns the localized Activate Account Success Path value. |
getActiveValidators() | Returns the validators applicable to the current scenario. |
getAttributeHint() | Returns the text hint for the specified attribute. |
getAttributeLabel() | Returns the text label for the specified attribute. |
getAttributes() | Returns attribute values. |
getBackupOnUpdate() | Returns whether the DB should be backed up before running new migrations. |
getBehavior() | Returns the named behavior object. |
getBehaviors() | Returns all behaviors attached to this component. |
getErrorSummary() | Returns the errors for all attributes as a one-dimensional array. |
getErrors() | Returns the errors for all attributes or a single attribute. |
getFirstError() | Returns the first error of the specified attribute. |
getFirstErrors() | Returns the first error of every attribute in the model. |
getInvalidUserTokenPath() | Returns the localized Invalid User Token Path value. |
getIterator() | Returns an iterator for traversing the attributes in the model. |
getLoginPath() | Returns the localized Login Path value. |
getLogoutPath() | Returns the localized Logout Path value. |
getPageTrigger() | Returns the normalized page trigger. |
getPostCpLoginRedirect() | Returns the localized Post-Login Redirect path for the control panel. |
getPostLoginRedirect() | Returns the localized Post-Login Redirect path. |
getPostLogoutRedirect() | Returns the localized Post-Logout Redirect path. |
getRememberedUserSessionDuration() | Returns the remembered user session duration as a DateInterval object, if it’s set. |
getScenario() | Returns the scenario that this model is used in. |
getSetPasswordPath() | Returns the localized Set Password Path value. |
getSetPasswordRequestPath() | Returns the localized Set Password Request Path value. |
getSetPasswordSuccessPath() | Returns the localized Set Password Success Path value. |
getTestToEmailAddress() | Returns the normalized test email addresses. |
getValidators() | Returns all the validators declared in rules(). |
getVerifyEmailPath() | Returns the localized Verify Email Path value. |
getVerifyEmailSuccessPath() | Returns the localized Verify Email Success Path value. |
gqlTypePrefix() | Prefix to use for all type names returned by GraphQL. |
handleCasing() | The casing to use for autogenerated component handles. |
hasErrors() | Returns a value indicating whether there is any validation error. |
hasEventHandlers() | Returns a value indicating whether there is any handler attached to the named event. |
hasMethod() | Returns a value indicating whether a method is defined. |
hasProperty() | Returns a value indicating whether a property is defined for this component. |
headlessMode() | Whether the system should run in Headless Mode, which optimizes the system and control panel for headless CMS implementations. |
httpProxy() | The proxy server that should be used for outgoing HTTP requests. |
imageDriver() | The image driver Craft should use to cleanse and transform images. By default Craft will use ImageMagick if it’s installed and otherwise fall back to GD. You can explicitly set either 'imagick' or 'gd' here to override that behavior. |
imageEditorRatios() | An array containing the selectable image aspect ratios for the image editor. The array must be in the format of label => ratio , where ratio must be a float or a string. For string values, only values of “none” and “original” are allowed. |
indexTemplateFilenames() | The template filenames Craft will look for within a directory to represent the directory’s “index” template when matching a template path to a file on the front end. |
init() | Initializes the object. |
instance() | Returns static class instance, which can be used to obtain meta information. |
invalidLoginWindowDuration() | The amount of time to track invalid login attempts for a user, for determining if Craft should lock an account. |
invalidUserTokenPath() | The URI Craft should redirect to when user token validation fails. A token is used on things like setting and resetting user account passwords. Note that this only affects front-end site requests. |
ipHeaders() | List of headers where proxies store the real client IP. |
isAttributeActive() | Returns a value indicating whether the attribute is active in the current scenario. |
isAttributeRequired() | Returns a value indicating whether the attribute is required. |
isAttributeSafe() | Returns a value indicating whether the attribute is safe for massive assignments. |
isSystemLive() | Whether the site is currently live. If set to true or false , it will take precedence over the System Status setting in Settings → General. |
lazyGqlTypes() | Whether GraphQL types should be generated lazily. |
limitAutoSlugsToAscii() | Whether non-ASCII characters in auto-generated slugs should be converted to ASCII (i.e. ñ → n). |
load() | Populates the model with input data. |
loadMultiple() | Populates a set of models with the data from end user. |
loginPath() | The URI Craft should use for user login on the front end. |
logoutPath() | The URI Craft should use for user logout on the front end. |
maxBackups() | The number of backups Craft should make before it starts deleting the oldest backups. If set to false , Craft will not delete any backups. |
maxCachedCloudImageSize() | The maximum dimension size to use when caching images from external sources to use in transforms. Set to 0 to never cache them. |
maxGraphqlBatchSize() | The maximum allowed GraphQL queries that can be executed in a single batched request. Set to 0 to allow any number of queries. |
maxGraphqlComplexity() | The maximum allowed complexity a GraphQL query is allowed to have. Set to 0 to allow any complexity. |
maxGraphqlDepth() | The maximum allowed depth a GraphQL query is allowed to reach. Set to 0 to allow any depth. |
maxGraphqlResults() | The maximum allowed results for a single GraphQL query. Set to 0 to disable any limits. |
maxInvalidLogins() | The number of invalid login attempts Craft will allow within the specified duration before the account gets locked. |
maxRevisions() | The maximum number of revisions that should be stored for each element. |
maxSlugIncrement() | The highest number Craft will tack onto a slug in order to make it unique before giving up and throwing an error. |
maxUploadFileSize() | The maximum upload file size allowed. |
off() | Detaches an existing event handler from this component. |
offsetExists() | Returns whether there is an element at the specified offset. |
offsetGet() | Returns the element at the specified offset. |
offsetSet() | Sets the element at the specified offset. |
offsetUnset() | Sets the element value at the specified offset to null. |
omitScriptNameInUrls() | Whether generated URLs should omit index.php (e.g. http://my-project.tld/path instead of http://my-project.tld/index.php/path ) |
on() | Attaches an event handler to an event. |
onUnsafeAttribute() | This method is invoked when an unsafe attribute is being massively assigned. |
optimizeImageFilesize() | Whether Craft should optimize images for reduced file sizes without noticeably reducing image quality. (Only supported when ImageMagick is used.) |
pageTrigger() | The string preceding a number which Craft will look for when determining if the current request is for a particular page in a paginated list of pages. |
pathParam() | The query string param that Craft will check when determining the request’s path. |
permissionsPolicyHeader() | The Permissions-Policy header that should be sent for web responses. |
phpMaxMemoryLimit() | The maximum amount of memory Craft will try to reserve during memory-intensive operations such as zipping, unzipping and updating. Defaults to an empty string, which means it will use as much memory as it can. |
phpSessionName() | The name of the PHP session cookie. |
postCpLoginRedirect() | The path users should be redirected to after logging into the control panel. |
postLoginRedirect() | The path users should be redirected to after logging in from the front-end site. |
postLogoutRedirect() | The path that users should be redirected to after logging out from the front-end site. |
prefixGqlRootTypes() | Whether the config4:gqlTypePrefix config setting should have an impact on query , mutation , and subscription types. |
preloadSingles() | Whether Single section entries should be preloaded for Twig templates. |
preserveCmykColorspace() | Whether CMYK should be preserved as the colorspace when manipulating images. |
preserveExifData() | Whether the EXIF data should be preserved when manipulating and uploading images. |
preserveImageColorProfiles() | Whether the embedded Image Color Profile (ICC) should be preserved when manipulating images. |
preventUserEnumeration() | When true , Craft will always return a successful response in the “forgot password” flow, making it difficult to enumerate users. |
previewIframeResizerOptions() | Custom iFrame Resizer options that should be used for preview iframes. |
previewTokenDuration() | The amount of time content preview tokens can be used before expiring. |
privateTemplateTrigger() | The template path segment prefix that should be used to identify “private” templates, which are templates that are not directly accessible via a matching URL. |
purgePendingUsersDuration() | The amount of time to wait before Craft purges pending users from the system that have not activated. |
purgeStaleUserSessionDuration() | The amount of time to wait before Craft purges stale user sessions from the sessions table in the database. |
purgeUnsavedDraftsDuration() | The amount of time to wait before Craft purges unpublished drafts that were never updated with content. |
rasterizeSvgThumbs() | Whether SVG thumbnails should be rasterized. |
rememberUsernameDuration() | The amount of time Craft will remember a username and pre-populate it on the control panel’s Login page. |
rememberedUserSessionDuration() | The amount of time a user stays logged if “Remember Me” is checked on the login page. |
requireMatchingUserAgentForSession() | Whether Craft should require a matching user agent string when restoring a user session from a cookie. |
requireUserAgentAndIpForSession() | Whether Craft should require the existence of a user agent string and IP address when creating a new user session. |
resourceBasePath() | The path to the root directory that should store published control panel resources. |
resourceBaseUrl() | The URL to the root directory that should store published control panel resources. |
restoreCommand() | The shell command Craft should execute to restore a database backup. |
revAssetUrls() | Whether asset URLs should be revved so browsers don’t load cached versions when they’re modified. |
rotateImagesOnUploadByExifData() | Whether Craft should rotate images according to their EXIF data on upload. |
rules() | Returns the validation rules for attributes. |
runQueueAutomatically() | Whether Craft should run pending queue jobs automatically when someone visits the control panel. |
safeAttributes() | Returns the attribute names that are safe to be massively assigned in the current scenario. |
safeMode() | Whether the system should run in Safe Mode. |
sameSiteCookieValue() | The SameSite value that should be set on Craft cookies, if any. |
sanitizeCpImageUploads() | Whether images uploaded via the control panel should be sanitized. |
sanitizeSvgUploads() | Whether Craft should sanitize uploaded SVG files and strip out potential malicious-looking content. |
scenarios() | Returns a list of scenarios and the corresponding active attributes. |
secureHeaders() | Lists of headers that are, by default, subject to the trusted host configuration. |
secureProtocolHeaders() | List of headers to check for determining whether the connection is made via HTTPS. |
securityKey() | A private, random, cryptographically-secure key that is used for hashing and encrypting data in craft\services\Security. |
sendContentLengthHeader() | Whether a Content-Length header should be sent with responses. |
sendPoweredByHeader() | Whether an X-Powered-By: Craft CMS header should be sent, helping services like BuiltWith and Wappalyzer identify that the site is running on Craft. |
setAttributes() | Sets the attribute values in a massive way. |
setGraphqlDatesToSystemTimeZone() | Whether dates returned by the GraphQL API should be set to the system time zone by default, rather than UTC. |
setPasswordPath() | The URI or URL that Craft should use for Set Password forms on the front end. |
setPasswordRequestPath() | The URI to the page where users can request to change their password. |
setPasswordSuccessPath() | The URI Craft should redirect users to after setting their password from the front end. |
setScenario() | Sets the scenario for the model. |
showFirstAndLastNameFields() | Whether “First Name” and “Last Name” fields should be shown in place of “Full Name” fields. |
siteToken() | The query string parameter name that site tokens should be set to. |
slugWordSeparator() | The character(s) that should be used to separate words in slugs. |
softDeleteDuration() | The amount of time before a soft-deleted item will be up for hard-deletion by garbage collection. |
storeUserIps() | Whether user IP addresses should be stored/logged by the system. |
testToEmailAddress() | Configures Craft to send all system emails to either a single email address or an array of email addresses for testing purposes. |
timezone() | The timezone of the site. If set, it will take precedence over the Timezone setting in Settings → General. |
toArray() | Converts the model into an array. |
tokenParam() | The query string parameter name that Craft tokens should be set to. |
transformGifs() | Whether GIF files should be cleansed/transformed. |
transformSvgs() | Whether SVG files should be transformed. |
translationDebugOutput() | Whether translated messages should be wrapped in special characters to help find any strings that are not being run through Craft::t() or the ` |
trigger() | Triggers an event. |
trustedHosts() | The configuration for trusted security-related headers. |
upscaleImages() | Whether image transforms should allow upscaling by default, for images that are smaller than the transform dimensions. |
useEmailAsUsername() | Whether Craft should set users’ usernames to their email addresses, rather than let them set their username separately. |
useFileLocks() | Whether to grab an exclusive lock on a file when writing to it by using the LOCK_EX flag. |
useIframeResizer() | Whether iFrame Resizer options should be used for Live Preview. |
usePathInfo() | Whether Craft should specify the path using PATH_INFO or as a query string parameter when generating URLs. |
useSecureCookies() | Whether Craft will set the “secure” flag when saving cookies when using Craft::cookieConfig() to create a cookie. |
useSslOnTokenizedUrls() | Determines what protocol/schema Craft will use when generating tokenized URLs. If set to 'auto' , Craft will check the current site’s base URL and the protocol of the current request and if either of them are HTTPS will use https in the tokenized URL. If not, will use http . |
userSessionDuration() | The amount of time before a user will get logged out due to inactivity. |
validate() | Performs the data validation. |
validateMultiple() | Validates multiple models. |
verificationCodeDuration() | The amount of time a user verification code can be used before expiring. |
verifyEmailPath() | The URI or URL that Craft should use for email verification links on the front end. |
verifyEmailSuccessPath() | The URI that users without access to the control panel should be redirected to after verifying a new email address. |
__set()
Sets the value of a component property.
This method will check in the following order and act accordingly:
- a property defined by a setter: set the property value
- an event in the format of "on xyz": attach the handler to the event "xyz"
- a behavior in the format of "as xyz": attach the behavior named as "xyz"
- a property of a behavior: set the behavior property value
Do not call this method directly as it is a PHP magic method that will be implicitly called when executing $component->property = $value;
.
Arguments
$name
(string) – The property name or the event name$value
(mixed
) – The property value
Throws
- yii\base\UnknownPropertyException
if the property is not defined - yii\base\InvalidCallException
if the property is read-only.
accessibilityDefaults()
- Since
- 4.2.0
The default user accessibility preferences that should be applied to users that haven’t saved their preferences yet.
The array can contain the following keys:
alwaysShowFocusRings
- Whether focus rings should always be shown when an element has focus.useShapes
– Whether shapes should be used to represent statuses.underlineLinks
– Whether links should be underlined.notificationDuration
– How long notifications should be shown before they disappear automatically (in milliseconds). Set to0
to show them indefinitely.
->accessibilityDefaults([
'useShapes' => true,
])
Arguments
$value
(array)
Returns
self
actionTrigger()
- Since
- 4.2.0
The URI segment Craft should look for when determining if the current request should be routed to a controller action.
->actionTrigger('do-it')
Arguments
$value
(string)
Returns
self
activateAccountSuccessPath()
- Since
- 4.2.0
The URI that users without access to the control panel should be redirected to after activating their account.
See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.
->activateAccountSuccessPath('welcome')
See also getActivateAccountSuccessPath()View source
Arguments
$value
(mixed
)
Returns
self
addAlias()
- Since
- 4.2.0
Adds a custom Yii alias that should be defined for every request.
->addAlias('@webroot', '/var/www/')
Arguments
Returns
self
addTrailingSlashesToUrls()
- Since
- 4.2.0
Whether auto-generated URLs should have trailing slashes.
->addTrailingSlashesToUrls(true)
Arguments
$value
(boolean)
Returns
self
aliases()
- Since
- 4.2.0
Any custom Yii aliases that should be defined for every request.
->aliases([
'@webroot' => '/var/www/',
])
Arguments
$value
(array<string,string|null>
)
Returns
self
allowAdminChanges()
- Since
- 4.2.0
Whether admins should be allowed to make administrative changes to the system.
When this is disabled, the Settings section will be hidden, the Craft edition and Craft/plugin versions will be locked, and the project config and Plugin Store will become read-only—though Craft and plugin licenses may still be purchased.
It’s best to disable this in production environments with a deployment workflow that runs composer install
and propagates project config updates on deploy.
WARNING
Don’t disable this setting until all environments have been updated to Craft 3.1.0 or later.
->allowAdminChanges(false)
Arguments
$value
(boolean)
Returns
self
allowSimilarTags()
- Since
- 4.2.0
Whether users should be allowed to create similarly-named tags.
->allowSimilarTags(true)
Arguments
$value
(boolean)
Returns
self
allowUpdates()
- Since
- 4.2.0
Whether Craft should allow system and plugin updates in the control panel, and plugin installation from the Plugin Store.
This setting will automatically be disabled if config4:allowAdminChanges is disabled.
->allowUpdates(false)
Arguments
$value
(boolean)
Returns
self
allowUppercaseInSlug()
- Since
- 4.2.0
Whether uppercase letters should be allowed in slugs.
->allowUppercaseInSlug(true)
Arguments
$value
(boolean)
Returns
self
allowedFileExtensions()
- Since
- 4.2.0
The file extensions Craft should allow when a user is uploading files.
// Nothing bug GIFs!
->allowedFileExtensions([
'gif',
])
Arguments
$value
(string[])
Returns
self
allowedGraphqlOrigins()
DEPRECATED
Deprecated in 4.11.0. craft\filters\Cors should be used instead.
- Since
- 4.2.0
The Ajax origins that should be allowed to access the GraphQL API, if enabled.
If this is set to an array, then graphql/api
requests will only include the current request’s origin in the Access-Control-Allow-Origin
response header if it’s listed here.
If this is set to false
, then the Access-Control-Allow-Origin
response header will never be sent.
->allowedGraphqlOrigins(false)
See also https://www.yiiframework.com/doc/api/2.0/yii-filters-corsView source
Arguments
Returns
self
asyncCsrfInputs()
- Since
- 4.9.0
Whether CSRF values should be injected via JavaScript for greater cache-ability.
->asyncCsrfInputs(true)
Arguments
$value
(boolean)
Returns
self
autoLoginAfterAccountActivation()
- Since
- 4.2.0
Whether users should automatically be logged in after activating their account or resetting their password.
->autoLoginAfterAccountActivation(true)
Arguments
$value
(boolean)
Returns
self
backupCommand()
- Since
- 4.2.0
The shell command that Craft should execute to create a database backup.
When set to null
(default), Craft will run mysqldump
or pg_dump
, provided that those libraries are in the $PATH
variable for the system user running the web server.
You may provide your own command, which can include several tokens Craft will substitute at runtime:
{file}
- the target backup file path{port}
- the current database port{server}
- the current database hostname{user}
- user that was used to connect to the database{password}
- password for the specified{user}
{database}
- the current database name{schema}
- the current database schema (if any)
This can also be set to false
to disable database backups completely.
->backupCommand(false)
Arguments
Returns
self
backupCommandFormat()
- Since
- 4.9.0
The output format that database backups should use (PostgreSQL only).
This setting has no effect with MySQL databases.
Valid options are custom
, directory
, tar
, or plain
. When set to null
(default), pg_restore
will default to plain
See also https://www.postgresql.org/docs/current/app-pgdump.htmlView source
Arguments
$value
(string)
Returns
self
backupOnUpdate()
- Since
- 4.2.0
Whether Craft should create a database backup before applying a new system update.
->backupOnUpdate(false)
Arguments
$value
(boolean)
Returns
self
baseCpUrl()
- Since
- 4.2.0
The base URL Craft should use when generating control panel URLs.
It will be determined automatically if left blank.
TIP
The base control panel URL should not include the control panel trigger word (e.g. /admin
).
->baseCpUrl('https://cms.my-project.tld/')
Arguments
Returns
self
blowfishHashCost()
- Since
- 4.2.0
The higher the cost value, the longer it takes to generate a password hash and to verify against it.
Therefore, higher cost slows down a brute-force attack.
For best protection against brute force attacks, set it to the highest value that is tolerable on production servers.
The time taken to compute the hash doubles for every increment by one for this value.
For example, if the hash takes 1 second to compute when the value is 14 then the compute time varies as 2^(value - 14) seconds.
->blowfishHashCost(15)
Arguments
$value
(integer)
Returns
self
brokenImagePath()
- Since
- 4.2.0
The server path to an image file that should be sent when responding to an image request with a 404 status code.
This can be set to an aliased path such as @webroot/assets/404.svg
.
->brokenImagePath('@webroot/assets/404.svg')
Arguments
Returns
self
buildId()
- Since
- 4.2.0
A unique ID representing the current build of the codebase.
This should be set to something unique to the deployment, e.g. a Git SHA or a deployment timestamp.
->buildId(\craft\helpers\App::env('GIT_SHA'))
Arguments
Returns
self
cacheDuration()
- Since
- 4.2.0
The default length of time Craft will store data, RSS feed, and template caches.
If set to 0
, data and RSS feed caches will be stored indefinitely; template caches will be stored for one year.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
->cacheDuration(0)
Arguments
$value
(mixed
)
Returns
self
convertFilenamesToAscii()
- Since
- 4.2.0
Whether uploaded filenames with non-ASCII characters should be converted to ASCII (i.e. ñ
→ n
).
TIP
You can run php craft utils/ascii-filenames
in your terminal to apply ASCII filenames to all existing assets.
->convertFilenamesToAscii(false)
Arguments
$value
(boolean)
Returns
self
cooldownDuration()
- Since
- 4.2.0
The amount of time a user must wait before re-attempting to log in after their account is locked due to too many failed login attempts.
Set to 0
to keep the account locked indefinitely, requiring an admin to manually unlock the account.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
->cooldownDuration(0)
Arguments
$value
(mixed
)
Returns
self
cpHeadTags()
- Since
- 4.2.0
List of additional HTML tags that should be included in the <head>
of control panel pages.
Each tag can be specified as an array of the tag name and its attributes.
For example, you can give the control panel a custom favicon (etc.) like this:
->cpHeadTags([
// Traditional favicon
['link', ['rel' => 'icon', 'href' => '/icons/favicon.ico']],
// Scalable favicon for browsers that support them
['link', ['rel' => 'icon', 'type' => 'image/svg+xml', 'sizes' => 'any', 'href' => '/icons/favicon.svg']],
// Touch icon for mobile devices
['link', ['rel' => 'apple-touch-icon', 'sizes' => '180x180', 'href' => '/icons/touch-icon.svg']],
// Pinned tab icon for Safari
['link', ['rel' => 'mask-icon', 'href' => '/icons/mask-icon.svg', 'color' => '#663399']],
])
Arguments
$value
(array)
Returns
self
cpTrigger()
- Since
- 4.2.0
The URI segment Craft should look for when determining if the current request should route to the control panel rather than the front-end website.
This can be set to null
if you have a dedicated hostname for the control panel (e.g. cms.my-project.tld
), or you are running Craft in Headless Mode. If you do that, you will need to ensure that the control panel is being served from its own web root directory on your server, with an index.php
file that defines the CRAFT_CP
PHP constant.
define('CRAFT_CP', true);
Alternatively, you can set the config4:baseCpUrl config setting, but then you will run the risk of losing access to portions of your control panel due to URI conflicts with actual folders/files in your main web root.
(For example, if you have an assets/
folder, that would conflict with the /assets
page in the control panel.)
->cpTrigger(null)
Arguments
Returns
self
csrfTokenName()
- Since
- 4.2.0
The name of CSRF token used for CSRF validation if config4:enableCsrfProtection is set to true
.
->csrfTokenName('MY_CSRF')
See also enableCsrfProtection()View source
Arguments
$value
(string)
Returns
self
defaultCookieDomain()
- Since
- 4.2.0
The domain that cookies generated by Craft should be created for. If blank, it will be left up to the browser to determine which domain to use (almost always the current). If you want the cookies to work for all subdomains, for example, you could set this to '.my-project.tld'
.
->defaultCookieDomain('.my-project.tld')
Arguments
$value
(string)
Returns
self
defaultCountryCode()
- Since
- 4.5.0
The two-letter country code that addresses will be set to by default.
See https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 for a list of acceptable country codes.
->defaultCountryCode('GB')
Arguments
$value
(string)
Returns
self
defaultCpLanguage()
- Since
- 4.2.0
The default language the control panel should use for users who haven’t set a preferred language yet.
->defaultCpLanguage('en-US')
Arguments
Returns
self
Throws
defaultCpLocale()
- Since
- 4.2.0
The default locale the control panel should use for date/number formatting, for users who haven’t set a preferred language or formatting locale.
If this is null
, the config4:defaultCpLanguage config setting will determine which locale is used for date/number formatting by default.
->defaultCpLocale('en-US')
Arguments
Returns
self
defaultDirMode()
- Since
- 4.2.0
The default permission to be set for newly-generated directories.
If set to null
, the permission will be determined by the current environment.
->defaultDirMode(0744)
Arguments
$value
(mixed
)
Returns
self
defaultFileMode()
- Since
- 4.2.0
The default permission to be set for newly-generated files.
If set to null
, the permission will be determined by the current environment.
->defaultFileMode(0744)
Arguments
Returns
self
defaultImageQuality()
- Since
- 4.2.0
The quality level Craft will use when saving JPG and PNG files. Ranges from 1 (worst quality, smallest file) to 100 (best quality, biggest file).
->defaultImageQuality(90)
Arguments
$value
(integer)
Returns
self
defaultSearchTermOptions()
- Since
- 4.2.0
The default options that should be applied to each search term.
Options include:
subLeft
– Whether to include keywords that contain the term, with additional characters before it. (false
by default)subRight
– Whether to include keywords that contain the term, with additional characters after it. (true
by default)exclude
– Whether search results should exclude records with this term. (false
by default)exact
– Whether the term must be an exact match (only applies if the search term specifies an attribute). (false
by default)
->defaultSearchTermOptions([
'subLeft' => true,
'exclude' => 'secret',
])
Arguments
$value
(array)
Returns
self
defaultTemplateExtensions()
- Since
- 4.2.0
The template file extensions Craft will look for when matching a template path to a file on the front end.
->defaultTemplateExtensions(['html', 'twig', 'txt'])
Arguments
$value
(array)
Returns
self
defaultTokenDuration()
- Since
- 4.2.0
The default amount of time tokens can be used before expiring.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
// One week
->defaultTokenDuration(604800)
Arguments
$value
(mixed
)
Returns
self
defaultWeekStartDay()
- Since
- 4.2.0
The default day new users should have set as their Week Start Day.
This should be set to one of the following integers:
0
– Sunday1
– Monday2
– Tuesday3
– Wednesday4
– Thursday5
– Friday6
– Saturday
->defaultWeekStartDay(0)
Arguments
$value
(integer)
Returns
self
deferPublicRegistrationPassword()
- Since
- 4.2.0
By default, Craft requires a front-end “password” field for public user registrations. Setting this to true
removes that requirement for the initial registration form.
If you have email verification enabled, new users will set their password once they’ve followed the verification link in the email. If you don’t, the only way they can set their password is to go through your “forgot password” workflow.
->deferPublicRegistrationPassword(true)
Arguments
$value
(boolean)
Returns
self
devMode()
- Since
- 4.2.0
Whether the system should run in Dev Mode.
->devMode(true)
Arguments
$value
(boolean)
Returns
self
disableGraphqlTransformDirective()
- Since
- 4.2.0
Whether the transform
directive should be disabled for the GraphQL API.
->disableGraphqlTransformDirective(true)
Arguments
$value
(boolean)
Returns
self
disabledPlugins()
- Since
- 4.2.0
Array of plugin handles that should be disabled, regardless of what the project config says.
->disabledPlugins([
'webhooks',
])
This can also be set to '*'
to disable all plugins.
->dev([
'disabledPlugins' => '*',
])
WARNING
This should not be set on a per-environment basis, as it could result in plugin schema version mismatches between environments, which will prevent project config changes from getting applied.
->disabledPlugins(['redactor', 'webhooks'])
Arguments
Returns
self
disabledUtilities()
- Since
- 4.6.0
Array of utility IDs that should be disabled.
::: code
->disabledUtilities([
'updates',
'find-replace',
])
CRAFT_DISABLED_UTILITIES=updates,find-replace
:::
Arguments
$value
(string[])
Returns
self
disallowRobots()
- Since
- 4.2.0
Whether front end requests should respond with X-Robots-Tag: none
HTTP headers, indicating that pages should not be indexed, and links on the page should not be followed, by web crawlers.
TIP
This should be set to true
for development and staging environments.
->disallowRobots(true)
Arguments
$value
(boolean)
Returns
self
elevatedSessionDuration()
- Since
- 4.2.0
The amount of time a user’s elevated session will last, which is required for some sensitive actions (e.g. user group/permission assignment).
Set to 0
to disable elevated session support.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
->elevatedSessionDuration(0)
Arguments
$value
(mixed
)
Returns
self
enableBasicHttpAuth()
- Since
- 4.2.0
Whether front-end web requests should support basic HTTP authentication.
->enableBasicHttpAuth(true)
Arguments
$value
(boolean)
Returns
self
enableCsrfCookie()
- Since
- 4.2.0
Whether to use a cookie to persist the CSRF token if config4:enableCsrfProtection is enabled. If false, the CSRF token will be stored in session under the csrfTokenName
config setting name. Note that while storing CSRF tokens in session increases security, it requires starting a session for every page that a CSRF token is needed, which may degrade site performance.
->enableCsrfCookie(false)
Arguments
$value
(boolean)
Returns
self
enableCsrfProtection()
- Since
- 4.2.0
Whether to enable CSRF protection via hidden form inputs for all forms submitted via Craft.
->enableCsrfProtection(false)
Arguments
$value
(boolean)
Returns
self
enableGql()
- Since
- 4.2.0
Whether the GraphQL API should be enabled.
The GraphQL API is only available for Craft Pro.
->enableGql(false)
Arguments
$value
(boolean)
Returns
self
enableGraphqlCaching()
- Since
- 4.2.0
Whether Craft should cache GraphQL queries.
If set to true
, Craft will cache the results for unique GraphQL queries per access token. The cache is automatically invalidated any time an element is saved, the site structure is updated, or a GraphQL schema is saved.
This setting will have no effect if a plugin is using the craft\services\Gql::EVENT_BEFORE_EXECUTE_GQL_QUERY event to provide its own caching logic and setting the result
property.
->enableGraphqlCaching(false)
Arguments
$value
(boolean)
Returns
self
enableGraphqlIntrospection()
- Since
- 4.2.0
Whether GraphQL introspection queries are allowed. Defaults to true
and is always allowed in the control panel.
->enableGraphqlIntrospection(false)
Arguments
$value
(boolean)
Returns
self
enableTemplateCaching()
- Since
- 4.2.0
Whether to enable Craft’s template {% cache %}
tag on a global basis.
->enableTemplateCaching(false)
See also https://craftcms.com/docs/templating/cacheView source
Arguments
$value
(boolean)
Returns
self
errorTemplatePrefix()
- Since
- 4.2.0
The prefix that should be prepended to HTTP error status codes when determining the path to look for an error’s template.
If set to '_'
your site’s 404 template would live at templates/_404.twig
, for example.
->errorTemplatePrefix('_')
Arguments
$value
(string)
Returns
self
extraAllowedFileExtensions()
- Since
- 4.2.0
List of file extensions that will be merged into the config4:allowedFileExtensions config setting.
->extraAllowedFileExtensions(['mbox', 'xml'])
Arguments
Returns
self
extraAppLocales()
- Since
- 4.2.0
List of extra locale IDs that the application should support, and users should be able to select as their Preferred Language.
->extraAppLocales(['uk'])
Arguments
Returns
self
Throws
extraFileKinds()
- Since
- 4.2.0
List of additional file kinds Craft should support. This array will get merged with the one defined in \craft\helpers\Assets::_buildFileKinds()
.
->extraFileKinds([
// merge .psb into list of Photoshop file kinds
'photoshop' => [
'extensions' => ['psb'],
],
// register new "Stylesheet" file kind
'stylesheet' => [
'label' => 'Stylesheet',
'extensions' => ['css', 'less', 'pcss', 'sass', 'scss', 'styl'],
],
])
TIP
File extensions listed here won’t immediately be allowed to be uploaded. You will also need to list them with the config4:extraAllowedFileExtensions config setting.
Arguments
$value
(array)
Returns
self
extraLastNamePrefixes()
- Since
- 4.3.0
Any additional last name prefixes that should be supported by the name parser.
->extraLastNamePrefixes(['Dal', 'Van Der'])
Arguments
$value
(string[])
Returns
self
extraNameSalutations()
- Since
- 4.3.0
Any additional name salutations that should be supported by the name parser.
->extraNameSalutations(['Lady', 'Sire'])
Arguments
$value
(string[])
Returns
self
extraNameSuffixes()
- Since
- 4.3.0
Any additional name suffixes that should be supported by the name parser.
->extraNameSuffixes(['CCNA', 'OBE'])
Arguments
$value
(string[])
Returns
self
filenameWordSeparator()
- Since
- 4.2.0
The string to use to separate words when uploading assets. If set to false
, spaces will be left alone.
->filenameWordSeparator(false)
Arguments
Returns
self
generateTransformsBeforePageLoad()
- Since
- 4.2.0
Whether image transforms should be generated before page load.
->generateTransformsBeforePageLoad(true)
Arguments
$value
(boolean)
Returns
self
getActivateAccountSuccessPath()
Returns the localized Activate Account Success Path value.
See also activateAccountSuccessPath()View source
Arguments
$siteHandle
(string, null) – The site handle the value should be defined for. Defaults to the current site.
Returns
getBackupOnUpdate()
Returns whether the DB should be backed up before running new migrations.
Returns
getInvalidUserTokenPath()
Returns the localized Invalid User Token Path value.
See also invalidUserTokenPath()View source
Arguments
$siteHandle
(string, null) – The site handle the value should be defined for. Defaults to the current site.
Returns
getLoginPath()
Returns the localized Login Path value.
See also loginPath()View source
Arguments
$siteHandle
(string, null) – The site handle the value should be defined for. Defaults to the current site.
Returns
mixed
getLogoutPath()
Returns the localized Logout Path value.
See also logoutPath()View source
Arguments
$siteHandle
(string, null) – The site handle the value should be defined for. Defaults to the current site.
Returns
mixed
getPageTrigger()
- Since
- 3.2.0
Returns the normalized page trigger.
See also pageTrigger()View source
Returns
getPostCpLoginRedirect()
Returns the localized Post-Login Redirect path for the control panel.
See also postCpLoginRedirect()View source
Returns
getPostLoginRedirect()
Returns the localized Post-Login Redirect path.
See also postLoginRedirect()View source
Arguments
$siteHandle
(string, null) – The site handle the value should be defined for. Defaults to the current site.
Returns
getPostLogoutRedirect()
Returns the localized Post-Logout Redirect path.
See also postLogoutRedirect()View source
Arguments
$siteHandle
(string, null) – The site handle the value should be defined for. Defaults to the current site.
Returns
getRememberedUserSessionDuration()
- Since
- 4.2.1
Returns the remembered user session duration as a DateInterval object, if it’s set.
Returns
getSetPasswordPath()
Returns the localized Set Password Path value.
See also setPasswordPath()View source
Arguments
$siteHandle
(string, null) – The site handle the value should be defined for. Defaults to the current site.
Returns
getSetPasswordRequestPath()
- Since
- 3.5.14
Returns the localized Set Password Request Path value.
See also setPasswordRequestPath()View source
Arguments
$siteHandle
(string, null) – The site handle the value should be defined for. Defaults to the current site.
Returns
getSetPasswordSuccessPath()
Returns the localized Set Password Success Path value.
See also setPasswordSuccessPath()View source
Arguments
$siteHandle
(string, null) – The site handle the value should be defined for. Defaults to the current site.
Returns
getTestToEmailAddress()
- Since
- 3.5.0
Returns the normalized test email addresses.
Returns
getVerifyEmailPath()
- Since
- 3.4.0
Returns the localized Verify Email Path value.
See also verifyEmailPath()View source
Arguments
$siteHandle
(string, null) – The site handle the value should be defined for. Defaults to the current site.
Returns
getVerifyEmailSuccessPath()
- Since
- 3.1.20
Returns the localized Verify Email Success Path value.
See also verifyEmailSuccessPath()View source
Arguments
$siteHandle
(string, null) – The site handle the value should be defined for. Defaults to the current site.
Returns
gqlTypePrefix()
- Since
- 4.2.0
Prefix to use for all type names returned by GraphQL.
->gqlTypePrefix('craft_')
Arguments
$value
(string)
Returns
self
handleCasing()
- Since
- 4.2.0
The casing to use for autogenerated component handles.
This can be set to one of the following:
camel
– for camelCasepascal
– for PascalCase (aka UpperCamelCase)snake
– for snake_case
->handleCasing('pascal')
Arguments
$value
(string)
Returns
self
headlessMode()
- Since
- 4.2.0
Whether the system should run in Headless Mode, which optimizes the system and control panel for headless CMS implementations.
When this is enabled, the following changes will take place:
- Template settings for sections and category groups will be hidden.
- Template route management will be hidden.
- Front-end routing will skip checks for element and template requests.
- Front-end responses will be JSON-formatted rather than HTML by default.
- Twig will be configured to escape unsafe strings for JavaScript/JSON rather than HTML by default for front-end requests.
- The config4:loginPath, config4:logoutPath, config4:setPasswordPath, and config4:verifyEmailPath settings will be ignored.
TIP
With Headless Mode enabled, users may only set passwords and verify email addresses via the control panel. Be sure to grant “Access the control panel” permission to all content editors and administrators. You’ll also need to set the config4:baseCpUrl config setting if the control panel is located on a different domain than your front end.
->headlessMode(true)
Arguments
$value
(boolean)
Returns
self
httpProxy()
- Since
- 4.2.0
The proxy server that should be used for outgoing HTTP requests.
This can be set to a URL (http://localhost
) or a URL plus a port (http://localhost:8125
).
->httpProxy('http://localhost')
Arguments
Returns
self
imageDriver()
- Since
- 4.2.0
The image driver Craft should use to cleanse and transform images. By default Craft will use ImageMagick if it’s installed and otherwise fall back to GD. You can explicitly set either 'imagick'
or 'gd'
here to override that behavior.
->imageDriver('imagick')
Arguments
$value
(mixed
)
Returns
self
imageEditorRatios()
- Since
- 4.2.0
An array containing the selectable image aspect ratios for the image editor. The array must be in the format of label
=> ratio
, where ratio must be a float or a string. For string values, only values of “none” and “original” are allowed.
->imageEditorRatios([
'Unconstrained' => 'none',
'Original' => 'original',
'Square' => 1,
'IMAX' => 1.9,
'Widescreen' => 1.78,
])
Arguments
$value
(array)
Returns
self
indexTemplateFilenames()
- Since
- 4.2.0
The template filenames Craft will look for within a directory to represent the directory’s “index” template when matching a template path to a file on the front end.
->indexTemplateFilenames(['index', 'default'])
Arguments
$value
(string[])
Returns
self
init()
Initializes the object.
This method is invoked at the end of the constructor after the object is initialized with the given configuration.
Throws
invalidLoginWindowDuration()
- Since
- 4.2.0
The amount of time to track invalid login attempts for a user, for determining if Craft should lock an account.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
// 1 day
->invalidLoginWindowDuration(86400)
Arguments
$value
(mixed
)
Returns
self
invalidUserTokenPath()
- Since
- 4.2.0
The URI Craft should redirect to when user token validation fails. A token is used on things like setting and resetting user account passwords. Note that this only affects front-end site requests.
See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.
// 1 day
->invalidUserTokenPath('nope')
Arguments
$value
(mixed
)
Returns
self
ipHeaders()
- Since
- 4.2.0
List of headers where proxies store the real client IP.
See yii\web\Request::$ipHeaders for more details.
If not set, the default craft\web\Request::$ipHeaders value will be used.
->ipHeaders(['X-Forwarded-For', 'CF-Connecting-IP'])
Arguments
Returns
self
isSystemLive()
- Since
- 4.2.0
Whether the site is currently live. If set to true
or false
, it will take precedence over the System Status setting in Settings → General.
->isSystemLive(true)
Arguments
Returns
self
lazyGqlTypes()
- Since
- 4.11.0
Whether GraphQL types should be generated lazily.
->lazyGqlTypes(true)
Arguments
$value
(boolean)
Returns
self
limitAutoSlugsToAscii()
- Since
- 4.2.0
Whether non-ASCII characters in auto-generated slugs should be converted to ASCII (i.e. ñ → n).
TIP
This only affects the JavaScript auto-generated slugs. Non-ASCII characters can still be used in slugs if entered manually.
->limitAutoSlugsToAscii(true)
Arguments
$value
(boolean)
Returns
self
loginPath()
- Since
- 4.2.0
The URI Craft should use for user login on the front end.
This can be set to false
to disable front-end login.
Note that this config setting is ignored when config4:headlessMode is enabled.
See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.
->loginPath(false)
Arguments
$value
(mixed
)
Returns
self
logoutPath()
- Since
- 4.2.0
The URI Craft should use for user logout on the front end.
This can be set to false
to disable front-end logout.
Note that this config setting is ignored when config4:headlessMode is enabled.
See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.
->logoutPath(false)
Arguments
$value
(mixed
)
Returns
self
maxBackups()
- Since
- 4.2.0
The number of backups Craft should make before it starts deleting the oldest backups. If set to false
, Craft will not delete any backups.
->maxBackups(5)
Arguments
Returns
self
maxCachedCloudImageSize()
- Since
- 4.2.0
The maximum dimension size to use when caching images from external sources to use in transforms. Set to 0
to never cache them.
->maxCachedCloudImageSize(0)
Arguments
$value
(integer)
Returns
self
maxGraphqlBatchSize()
- Since
- 4.5.5
The maximum allowed GraphQL queries that can be executed in a single batched request. Set to 0
to allow any number of queries.
->maxGraphqlBatchSize(500)
Arguments
$value
(integer)
Returns
self
maxGraphqlComplexity()
- Since
- 4.2.0
The maximum allowed complexity a GraphQL query is allowed to have. Set to 0
to allow any complexity.
->maxGraphqlComplexity(500)
Arguments
$value
(integer)
Returns
self
maxGraphqlDepth()
- Since
- 4.2.0
The maximum allowed depth a GraphQL query is allowed to reach. Set to 0
to allow any depth.
->maxGraphqlDepth(5)
Arguments
$value
(integer)
Returns
self
maxGraphqlResults()
- Since
- 4.2.0
The maximum allowed results for a single GraphQL query. Set to 0
to disable any limits.
->maxGraphqlResults(100)
Arguments
$value
(integer)
Returns
self
maxInvalidLogins()
- Since
- 4.2.0
The number of invalid login attempts Craft will allow within the specified duration before the account gets locked.
->maxInvalidLogins(3)
Arguments
Returns
self
maxRevisions()
- Since
- 4.2.0
The maximum number of revisions that should be stored for each element.
Set to 0
if you want to store an unlimited number of revisions.
->maxRevisions(25)
Arguments
Returns
self
maxSlugIncrement()
- Since
- 4.2.0
The highest number Craft will tack onto a slug in order to make it unique before giving up and throwing an error.
->maxSlugIncrement(10)
Arguments
$value
(integer)
Returns
self
maxUploadFileSize()
- Since
- 4.2.0
The maximum upload file size allowed.
See craft\helpers\ConfigHelper::sizeInBytes() for a list of supported value types.
// 25MB
->maxUploadFileSize(26214400)
Arguments
Returns
self
omitScriptNameInUrls()
- Since
- 4.2.0
Whether generated URLs should omit index.php
(e.g. http://my-project.tld/path
instead of http://my-project.tld/index.php/path
)
This can only be possible if your server is configured to redirect would-be 404s to index.php
, for example, with the redirect found in the .htaccess
file that came with Craft:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.+) /index.php?p=$1 [QSA,L]
->omitScriptNameInUrls(true)
Arguments
$value
(boolean)
Returns
self
optimizeImageFilesize()
- Since
- 4.2.0
Whether Craft should optimize images for reduced file sizes without noticeably reducing image quality. (Only supported when ImageMagick is used.)
->optimizeImageFilesize(false)
Arguments
$value
(boolean)
Returns
self
pageTrigger()
- Since
- 4.2.0
The string preceding a number which Craft will look for when determining if the current request is for a particular page in a paginated list of pages.
Example Value | Example URI |
---|---|
p | /news/p5 |
page | /news/page5 |
page/ | /news/page/5 |
?page | /news?page=5 |
TIP
If you want to set this to ?p
(e.g. /news?p=5
), you’ll also need to change your config4:pathParam setting which defaults to p
. If your server is running Apache, you’ll need to update the redirect code in your .htaccess
file to match your new pathParam
value.
->pageTrigger('page')
Arguments
$value
(string)
Returns
self
pathParam()
- Since
- 4.2.0
The query string param that Craft will check when determining the request’s path.
This can be set to null
if your web server is capable of directing traffic to index.php
without a query string param. If you’re using Apache, that means you’ll need to change the RewriteRule
line in your .htaccess
file to:
RewriteRule (.+) index.php [QSA,L]
->pathParam(null)
Arguments
Returns
self
permissionsPolicyHeader()
DEPRECATED
Deprecated in 4.11.0. craft\filters\Headers should be used instead.
- Since
- 4.2.0
The Permissions-Policy
header that should be sent for web responses.
->permissionsPolicyHeader('Permissions-Policy: geolocation=(self)')
Arguments
Returns
self
phpMaxMemoryLimit()
- Since
- 4.2.0
The maximum amount of memory Craft will try to reserve during memory-intensive operations such as zipping, unzipping and updating. Defaults to an empty string, which means it will use as much memory as it can.
See https://php.net/manual/en/faq.using.php#faq.using.shorthandbytes for a list of acceptable values.
->phpMaxMemoryLimit('512M')
Arguments
Returns
self
phpSessionName()
- Since
- 4.2.0
The name of the PHP session cookie.
->phpSessionName(null)
See also https://php.net/manual/en/function.session-name.phpView source
Arguments
$value
(string)
Returns
self
postCpLoginRedirect()
- Since
- 4.2.0
The path users should be redirected to after logging into the control panel.
This setting will also come into effect if a user visits the control panel’s login page (/admin/login
) or the control panel’s root URL (/admin
) when they are already logged in.
See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.
->postCpLoginRedirect('entries')
Arguments
$value
(mixed
)
Returns
self
postLoginRedirect()
- Since
- 4.2.0
The path users should be redirected to after logging in from the front-end site.
This setting will also come into effect if the user visits the login page (as specified by the config4:loginPath config setting) when they are already logged in.
See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.
->postLoginRedirect('welcome')
Arguments
$value
(mixed
)
Returns
self
postLogoutRedirect()
- Since
- 4.2.0
The path that users should be redirected to after logging out from the front-end site.
See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.
->postLogoutRedirect('goodbye')
Arguments
$value
(mixed
)
Returns
self
prefixGqlRootTypes()
- Since
- 4.2.0
Whether the config4:gqlTypePrefix config setting should have an impact on query
, mutation
, and subscription
types.
->prefixGqlRootTypes(false)
Arguments
$value
(boolean)
Returns
self
preloadSingles()
- Since
- 4.4.0
Whether Single section entries should be preloaded for Twig templates.
When enabled, Craft will make an educated guess on which Singles should be preloaded for each template based on the variable names that are referenced.
WARNING
You will need to clear your compiled templates from the Caches utility before this setting will take effect.
::: code
->preloadSingles()
CRAFT_PRELOAD_SINGLES=true
:::
Arguments
$value
(boolean)
Returns
self
preserveCmykColorspace()
- Since
- 4.2.0
Whether CMYK should be preserved as the colorspace when manipulating images.
Setting this to true
will prevent Craft from transforming CMYK images to sRGB, but on some ImageMagick versions it can cause image color distortion. This will only have an effect if ImageMagick is in use.
->preserveCmykColorspace(true)
Arguments
$value
(boolean)
Returns
self
preserveExifData()
- Since
- 4.2.0
Whether the EXIF data should be preserved when manipulating and uploading images.
Setting this to true
will result in larger image file sizes.
This will only have effect if ImageMagick is in use.
->preserveExifData(true)
Arguments
$value
(boolean)
Returns
self
preserveImageColorProfiles()
- Since
- 4.2.0
Whether the embedded Image Color Profile (ICC) should be preserved when manipulating images.
Setting this to false
will reduce the image size a little bit, but on some ImageMagick versions can cause images to be saved with an incorrect gamma value, which causes the images to become very dark. This will only have effect if ImageMagick is in use.
->preserveImageColorProfiles(false)
Arguments
$value
(boolean)
Returns
self
preventUserEnumeration()
- Since
- 4.2.0
When true
, Craft will always return a successful response in the “forgot password” flow, making it difficult to enumerate users.
When set to false
and you go through the “forgot password” flow from the control panel login page, you’ll get distinct messages indicating whether the username/email exists and whether an email was sent with further instructions. This can be helpful for the user attempting to log in but allow for username/email enumeration based on the response.
->preventUserEnumeration(true)
Arguments
$value
(boolean)
Returns
self
previewIframeResizerOptions()
- Since
- 4.2.0
Custom iFrame Resizer options that should be used for preview iframes.
->previewIframeResizerOptions([
'autoResize' => false,
])
Arguments
$value
(array)
Returns
self
previewTokenDuration()
- Since
- 4.2.0
The amount of time content preview tokens can be used before expiring.
Defaults to config4:defaultTokenDuration value.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
// 1 hour
->previewTokenDuration(3600)
Arguments
$value
(mixed
)
Returns
self
privateTemplateTrigger()
- Since
- 4.2.0
The template path segment prefix that should be used to identify “private” templates, which are templates that are not directly accessible via a matching URL.
Set to an empty value to disable public template routing.
->privateTemplateTrigger('')
Arguments
$value
(string)
Returns
self
purgePendingUsersDuration()
- Since
- 4.2.0
The amount of time to wait before Craft purges pending users from the system that have not activated.
Any content assigned to a pending user will be deleted as well when the given time interval passes.
Set to 0
to disable this feature.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
TIP
Users will only be purged when garbage collection is run.
// 2 weeks
->purgePendingUsersDuration(1209600)
Arguments
$value
(mixed
)
Returns
self
purgeStaleUserSessionDuration()
- Since
- 4.2.0
The amount of time to wait before Craft purges stale user sessions from the sessions table in the database.
Set to 0
to disable this feature.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
// 1 week
->purgeStaleUserSessionDuration(604800)
Arguments
$value
(mixed
)
Returns
self
purgeUnsavedDraftsDuration()
- Since
- 4.2.0
The amount of time to wait before Craft purges unpublished drafts that were never updated with content.
Set to 0
to disable this feature.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
->purgeUnsavedDraftsDuration(0)
Arguments
$value
(mixed
)
Returns
self
rasterizeSvgThumbs()
- Since
- 4.2.0
Whether SVG thumbnails should be rasterized.
This will only work if ImageMagick is installed, and config4:imageDriver is set to either auto
or imagick
.
->rasterizeSvgThumbs(true)
Arguments
$value
(boolean)
Returns
self
rememberUsernameDuration()
- Since
- 4.2.0
The amount of time Craft will remember a username and pre-populate it on the control panel’s Login page.
Set to 0
to disable this feature altogether.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
->rememberUsernameDuration(0)
Arguments
$value
(mixed
)
Returns
self
rememberedUserSessionDuration()
- Since
- 4.2.0
The amount of time a user stays logged if “Remember Me” is checked on the login page.
Set to 0
to disable the “Remember Me” feature altogether.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
->rememberedUserSessionDuration(0)
See also getRememberedUserSessionDuration()View source
Arguments
$value
(mixed
)
Returns
self
Throws
requireMatchingUserAgentForSession()
- Since
- 4.2.0
Whether Craft should require a matching user agent string when restoring a user session from a cookie.
->requireMatchingUserAgentForSession(false)
Arguments
$value
(boolean)
Returns
self
requireUserAgentAndIpForSession()
- Since
- 4.2.0
Whether Craft should require the existence of a user agent string and IP address when creating a new user session.
->requireUserAgentAndIpForSession(false)
Arguments
$value
(boolean)
Returns
self
resourceBasePath()
- Since
- 4.2.0
The path to the root directory that should store published control panel resources.
->resourceBasePath('@webroot/craft-resources')
Arguments
$value
(string)
Returns
self
resourceBaseUrl()
- Since
- 4.2.0
The URL to the root directory that should store published control panel resources.
->resourceBaseUrl('@web/craft-resources')
Arguments
$value
(string)
Returns
self
restoreCommand()
- Since
- 4.2.0
The shell command Craft should execute to restore a database backup.
By default Craft will run mysql
or psql
, provided those libraries are in the $PATH
variable for the user the web server is running as.
There are several tokens you can use that Craft will swap out at runtime:
{path}
- the backup file path{port}
- the current database port{server}
- the current database hostname{user}
- the user to connect to the database{database}
- the current database name{schema}
- the current database schema (if any)
This can also be set to false
to disable database restores completely.
->restoreCommand(false)
Arguments
Returns
self
revAssetUrls()
- Since
- 4.2.0
Whether asset URLs should be revved so browsers don’t load cached versions when they’re modified.
->revAssetUrls(true)
Arguments
$value
(boolean)
Returns
self
rotateImagesOnUploadByExifData()
- Since
- 4.2.0
Whether Craft should rotate images according to their EXIF data on upload.
->rotateImagesOnUploadByExifData(false)
Arguments
$value
(boolean)
Returns
self
runQueueAutomatically()
- Since
- 4.2.0
Whether Craft should run pending queue jobs automatically when someone visits the control panel.
If disabled, an alternate queue worker must be set up separately, either as an always-running daemon, or a cron job that runs the queue/run
command every minute:
* * * * * /path/to/project/craft queue/run
TIP
This setting should be disabled for servers running Win32, or with Apache’s mod_deflate/mod_gzip installed, where PHP’s flush() method won’t work.
->runQueueAutomatically(false)
Arguments
$value
(boolean)
Returns
self
safeMode()
- Since
- 4.9.0
Whether the system should run in Safe Mode.
Safe Mode disables all plugins and application config that can alter Craft's expected default behavior.
->safeMode(true)
Arguments
$value
(boolean)
Returns
self
sameSiteCookieValue()
- Since
- 4.2.0
The SameSite value that should be set on Craft cookies, if any.
This can be set to 'None'
, 'Lax'
, 'Strict'
, or null
.
->sameSiteCookieValue('Strict')
Arguments
Returns
self
sanitizeCpImageUploads()
- Since
- 4.2.0
Whether images uploaded via the control panel should be sanitized.
->sanitizeCpImageUploads(false)
Arguments
$value
(boolean)
Returns
self
sanitizeSvgUploads()
- Since
- 4.2.0
Whether Craft should sanitize uploaded SVG files and strip out potential malicious-looking content.
This should definitely be enabled if you are accepting SVG uploads from untrusted sources.
->sanitizeSvgUploads(false)
Arguments
$value
(boolean)
Returns
self
secureHeaders()
- Since
- 4.2.0
Lists of headers that are, by default, subject to the trusted host configuration.
See yii\web\Request::$secureHeaders for more details.
If not set, the default yii\web\Request::$secureHeaders value will be used.
->secureHeaders([
'X-Forwarded-For',
'X-Forwarded-Host',
'X-Forwarded-Proto',
'X-Rewrite-Url',
'X-Original-Host',
'CF-Connecting-IP',
])
Arguments
Returns
self
secureProtocolHeaders()
- Since
- 4.2.0
List of headers to check for determining whether the connection is made via HTTPS.
See yii\web\Request::$secureProtocolHeaders for more details.
If not set, the default yii\web\Request::$secureProtocolHeaders value will be used.
->secureProtocolHeaders([
'X-Forwarded-Proto' => [
'https',
],
'Front-End-Https' => [
'on',
],
'CF-Visitor' => [
'{\"scheme\":\"https\"}',
],
])
Arguments
Returns
self
securityKey()
- Since
- 4.2.0
A private, random, cryptographically-secure key that is used for hashing and encrypting data in craft\services\Security.
This value should be the same across all environments. If this key ever changes, any data that was encrypted with it will be inaccessible.
->securityKey('2cf24dba5...')
Arguments
$value
(string)
Returns
self
sendContentLengthHeader()
- Since
- 4.2.0
Whether a Content-Length
header should be sent with responses.
->sendContentLengthHeader(true)
Arguments
$value
(boolean)
Returns
self
sendPoweredByHeader()
- Since
- 4.2.0
Whether an X-Powered-By: Craft CMS
header should be sent, helping services like BuiltWith and Wappalyzer identify that the site is running on Craft.
->sendPoweredByHeader(false)
Arguments
$value
(boolean)
Returns
self
setGraphqlDatesToSystemTimeZone()
- Since
- 4.2.0
Whether dates returned by the GraphQL API should be set to the system time zone by default, rather than UTC.
->setGraphqlDatesToSystemTimeZone(true)
Arguments
$value
(boolean)
Returns
self
setPasswordPath()
- Since
- 4.2.0
The URI or URL that Craft should use for Set Password forms on the front end.
This setting is ignored when config4:headlessMode is enabled, unless it’s set to an absolute URL.
See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.
TIP
You might also want to set config4:invalidUserTokenPath in case a user clicks on an expired password reset link.
->setPasswordPath('set-password')
Arguments
$value
(mixed
)
Returns
self
setPasswordRequestPath()
- Since
- 4.2.0
The URI to the page where users can request to change their password.
See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.
If this is set, Craft will redirect .well-known/change-password requests to this URI.
TIP
You’ll also need to set setPasswordPath, which determines the URI and template path for the Set Password form where the user resets their password after following the link in the Password Reset email.
->setPasswordRequestPath('request-password')
Arguments
$value
(mixed
)
Returns
self
setPasswordSuccessPath()
- Since
- 4.2.0
The URI Craft should redirect users to after setting their password from the front end.
See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.
->setPasswordSuccessPath('password-set')
Arguments
$value
(mixed
)
Returns
self
showFirstAndLastNameFields()
- Since
- 4.6.0
Whether “First Name” and “Last Name” fields should be shown in place of “Full Name” fields.
->showFirstAndLastNameFields()
Arguments
$value
(boolean)
Returns
self
siteToken()
- Since
- 4.2.0
The query string parameter name that site tokens should be set to.
->siteToken('t')
Arguments
$value
(string)
Returns
self
slugWordSeparator()
- Since
- 4.2.0
The character(s) that should be used to separate words in slugs.
->slugWordSeparator('.')
Arguments
$value
(string)
Returns
self
softDeleteDuration()
- Since
- 4.2.0
The amount of time before a soft-deleted item will be up for hard-deletion by garbage collection.
Set to 0
if you don’t ever want to delete soft-deleted items.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
->softDeleteDuration(0)
Arguments
$value
(mixed
)
Returns
self
storeUserIps()
- Since
- 4.2.0
Whether user IP addresses should be stored/logged by the system.
->storeUserIps(true)
Arguments
$value
(boolean)
Returns
self
testToEmailAddress()
- Since
- 4.2.0
Configures Craft to send all system emails to either a single email address or an array of email addresses for testing purposes.
By default, the recipient name(s) will be “Test Recipient”, but you can customize that by setting the value with the format ['me@domain.tld' => 'Name']
.
->testToEmailAddress('me@domain.tld')
Arguments
Returns
self
timezone()
- Since
- 4.2.0
The timezone of the site. If set, it will take precedence over the Timezone setting in Settings → General.
This can be set to one of PHP’s supported timezones.
->timezone('Europe/London')
Arguments
Returns
self
tokenParam()
- Since
- 4.2.0
The query string parameter name that Craft tokens should be set to.
->tokenParam('t')
Arguments
$value
(string)
Returns
self
transformGifs()
- Since
- 4.2.0
Whether GIF files should be cleansed/transformed.
->transformGifs(false)
Arguments
$value
(boolean)
Returns
self
transformSvgs()
- Since
- 4.2.0
Whether SVG files should be transformed.
->transformSvgs(false)
Arguments
$value
(boolean)
Returns
self
translationDebugOutput()
- Since
- 4.2.0
Whether translated messages should be wrapped in special characters to help find any strings that are not being run through Craft::t()
or the |translate
filter.
->translationDebugOutput(true)
Arguments
$value
(boolean)
Returns
self
trustedHosts()
- Since
- 4.2.0
The configuration for trusted security-related headers.
See yii\web\Request::$trustedHosts for more details.
By default, all hosts are trusted.
->trustedHosts(['trusted-one.foo', 'trusted-two.foo'])
Arguments
$value
(array)
Returns
self
upscaleImages()
- Since
- 4.2.0
Whether image transforms should allow upscaling by default, for images that are smaller than the transform dimensions.
->upscaleImages(false)
Arguments
$value
(boolean)
Returns
self
useEmailAsUsername()
- Since
- 4.2.0
Whether Craft should set users’ usernames to their email addresses, rather than let them set their username separately.
If you enable this setting after user accounts already exist, run this terminal command to update existing usernames:
php craft utils/update-usernames
->useEmailAsUsername(true)
Arguments
$value
(boolean)
Returns
self
useFileLocks()
- Since
- 4.2.0
Whether to grab an exclusive lock on a file when writing to it by using the LOCK_EX
flag.
Some file systems, such as NFS, do not support exclusive file locking.
If null
, Craft will try to detect if the underlying file system supports exclusive file locking and cache the results.
->useFileLocks(false)
See also https://php.net/manual/en/function.file-put-contents.phpView source
Arguments
Returns
self
useIframeResizer()
- Since
- 4.2.0
Whether iFrame Resizer options should be used for Live Preview.
Using iFrame Resizer makes it possible for Craft to retain the preview’s scroll position between page loads, for cross-origin web pages.
It works by setting the height of the iframe to match the height of the inner web page, and the iframe’s container will be scrolled rather than the iframe document itself. This can lead to some unexpected CSS issues, however, because the previewed viewport height will be taller than the visible portion of the iframe.
If you have a decoupled front end, you will need to include iframeResizer.contentWindow.min.js on your page as well for this to work. You can conditionally include it for only Live Preview requests by checking if the requested URL contains a x-craft-live-preview
query string parameter.
TIP
You can customize the behavior of iFrame Resizer via the config4:previewIframeResizerOptions config setting.
->useIframeResizer(true)
Arguments
$value
(boolean)
Returns
self
usePathInfo()
- Since
- 4.2.0
Whether Craft should specify the path using PATH_INFO
or as a query string parameter when generating URLs.
This setting only takes effect if config4:omitScriptNameInUrls is set to false
.
->usePathInfo(true)
Arguments
$value
(boolean)
Returns
self
useSecureCookies()
- Since
- 4.2.0
Whether Craft will set the “secure” flag when saving cookies when using Craft::cookieConfig()
to create a cookie.
Valid values are true
, false
, and 'auto'
. Defaults to 'auto'
, which will set the secure flag if the page you’re currently accessing is over https://
. true
will always set the flag, regardless of protocol and false
will never automatically set the flag.
->useSecureCookies(true)
Arguments
Returns
self
useSslOnTokenizedUrls()
- Since
- 4.2.0
Determines what protocol/schema Craft will use when generating tokenized URLs. If set to 'auto'
, Craft will check the current site’s base URL and the protocol of the current request and if either of them are HTTPS will use https
in the tokenized URL. If not, will use http
.
If set to false
, Craft will always use http
. If set to true
, then, Craft will always use https
.
->useSslOnTokenizedUrls(true)
Arguments
Returns
self
userSessionDuration()
- Since
- 4.2.0
The amount of time before a user will get logged out due to inactivity.
Set to 0
if you want users to stay logged in as long as their browser is open rather than a predetermined amount of time.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
// 3 hours
->userSessionDuration(10800)
Arguments
$value
(mixed
)
Returns
self
verificationCodeDuration()
- Since
- 4.2.0
The amount of time a user verification code can be used before expiring.
See craft\helpers\ConfigHelper::durationInSeconds() for a list of supported value types.
// 1 hour
->verificationCodeDuration(3600)
Arguments
$value
(mixed
)
Returns
self
verifyEmailPath()
- Since
- 4.2.0
The URI or URL that Craft should use for email verification links on the front end.
This setting is ignored when config4:headlessMode is enabled, unless it’s set to an absolute URL.
See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.
->verifyEmailPath('verify-email')
See also getVerifyEmailPath()View source
Arguments
$value
(mixed
)
Returns
self
verifyEmailSuccessPath()
- Since
- 4.2.0
The URI that users without access to the control panel should be redirected to after verifying a new email address.
See craft\helpers\ConfigHelper::localizedValue() for a list of supported value types.
->verifyEmailSuccessPath('verified-email')
See also getVerifyEmailSuccessPath()View source
Arguments
$value
(mixed
)
Returns
self
Protected Methods
Method | Description |
---|---|
defineBehaviors() | Returns the behaviors to attach to this class. |
defineRules() | Returns the validation rules for attributes. |
extractFieldsFor() | Extract nested fields from a fields collection for a given root field Nested fields are separated with dots (.). e.g: "item.id" The previous example would extract "id". |
extractRootFields() | Extracts the root field names from nested fields. |
resolveFields() | Determines which fields can be returned by toArray(). |
Constants
Constant | Description |
---|---|
CAMEL_CASE | |
IMAGE_DRIVER_AUTO | |
IMAGE_DRIVER_GD | |
IMAGE_DRIVER_IMAGICK | |
PASCAL_CASE | |
SCENARIO_DEFAULT | The name of the default scenario. |
SNAKE_CASE |