Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.

466 lines
16KB

  1. <?php
  2. namespace Config;
  3. use CodeIgniter\Config\BaseConfig;
  4. use CodeIgniter\Session\Handlers\FileHandler;
  5. class App extends BaseConfig
  6. {
  7. /**
  8. * --------------------------------------------------------------------------
  9. * Base Site URL
  10. * --------------------------------------------------------------------------
  11. *
  12. * URL to your CodeIgniter root. Typically this will be your base URL,
  13. * WITH a trailing slash:
  14. *
  15. * http://example.com/
  16. *
  17. * If this is not set then CodeIgniter will try guess the protocol, domain
  18. * and path to your installation. However, you should always configure this
  19. * explicitly and never rely on auto-guessing, especially in production
  20. * environments.
  21. *
  22. * @var string
  23. */
  24. public $baseURL = 'http://localhost:8080/';
  25. /**
  26. * --------------------------------------------------------------------------
  27. * Index File
  28. * --------------------------------------------------------------------------
  29. *
  30. * Typically this will be your index.php file, unless you've renamed it to
  31. * something else. If you are using mod_rewrite to remove the page set this
  32. * variable so that it is blank.
  33. *
  34. * @var string
  35. */
  36. public $indexPage = '';
  37. /**
  38. * --------------------------------------------------------------------------
  39. * URI PROTOCOL
  40. * --------------------------------------------------------------------------
  41. *
  42. * This item determines which getServer global should be used to retrieve the
  43. * URI string. The default setting of 'REQUEST_URI' works for most servers.
  44. * If your links do not seem to work, try one of the other delicious flavors:
  45. *
  46. * 'REQUEST_URI' Uses $_SERVER['REQUEST_URI']
  47. * 'QUERY_STRING' Uses $_SERVER['QUERY_STRING']
  48. * 'PATH_INFO' Uses $_SERVER['PATH_INFO']
  49. *
  50. * WARNING: If you set this to 'PATH_INFO', URIs will always be URL-decoded!
  51. *
  52. * @var string
  53. */
  54. public $uriProtocol = 'REQUEST_URI';
  55. /**
  56. * --------------------------------------------------------------------------
  57. * Default Locale
  58. * --------------------------------------------------------------------------
  59. *
  60. * The Locale roughly represents the language and location that your visitor
  61. * is viewing the site from. It affects the language strings and other
  62. * strings (like currency markers, numbers, etc), that your program
  63. * should run under for this request.
  64. *
  65. * @var string
  66. */
  67. public $defaultLocale = 'en';
  68. /**
  69. * --------------------------------------------------------------------------
  70. * Negotiate Locale
  71. * --------------------------------------------------------------------------
  72. *
  73. * If true, the current Request object will automatically determine the
  74. * language to use based on the value of the Accept-Language header.
  75. *
  76. * If false, no automatic detection will be performed.
  77. *
  78. * @var bool
  79. */
  80. public $negotiateLocale = false;
  81. /**
  82. * --------------------------------------------------------------------------
  83. * Supported Locales
  84. * --------------------------------------------------------------------------
  85. *
  86. * If $negotiateLocale is true, this array lists the locales supported
  87. * by the application in descending order of priority. If no match is
  88. * found, the first locale will be used.
  89. *
  90. * @var string[]
  91. */
  92. public $supportedLocales = ['en'];
  93. /**
  94. * --------------------------------------------------------------------------
  95. * Application Timezone
  96. * --------------------------------------------------------------------------
  97. *
  98. * The default timezone that will be used in your application to display
  99. * dates with the date helper, and can be retrieved through app_timezone()
  100. *
  101. * @var string
  102. */
  103. public $appTimezone = 'America/Chicago';
  104. /**
  105. * --------------------------------------------------------------------------
  106. * Default Character Set
  107. * --------------------------------------------------------------------------
  108. *
  109. * This determines which character set is used by default in various methods
  110. * that require a character set to be provided.
  111. *
  112. * @see http://php.net/htmlspecialchars for a list of supported charsets.
  113. *
  114. * @var string
  115. */
  116. public $charset = 'UTF-8';
  117. /**
  118. * --------------------------------------------------------------------------
  119. * URI PROTOCOL
  120. * --------------------------------------------------------------------------
  121. *
  122. * If true, this will force every request made to this application to be
  123. * made via a secure connection (HTTPS). If the incoming request is not
  124. * secure, the user will be redirected to a secure version of the page
  125. * and the HTTP Strict Transport Security header will be set.
  126. *
  127. * @var bool
  128. */
  129. public $forceGlobalSecureRequests = false;
  130. /**
  131. * --------------------------------------------------------------------------
  132. * Session Driver
  133. * --------------------------------------------------------------------------
  134. *
  135. * The session storage driver to use:
  136. * - `CodeIgniter\Session\Handlers\FileHandler`
  137. * - `CodeIgniter\Session\Handlers\DatabaseHandler`
  138. * - `CodeIgniter\Session\Handlers\MemcachedHandler`
  139. * - `CodeIgniter\Session\Handlers\RedisHandler`
  140. *
  141. * @var string
  142. */
  143. public $sessionDriver = FileHandler::class;
  144. /**
  145. * --------------------------------------------------------------------------
  146. * Session Cookie Name
  147. * --------------------------------------------------------------------------
  148. *
  149. * The session cookie name, must contain only [0-9a-z_-] characters
  150. *
  151. * @var string
  152. */
  153. public $sessionCookieName = 'ci_session';
  154. /**
  155. * --------------------------------------------------------------------------
  156. * Session Expiration
  157. * --------------------------------------------------------------------------
  158. *
  159. * The number of SECONDS you want the session to last.
  160. * Setting to 0 (zero) means expire when the browser is closed.
  161. *
  162. * @var int
  163. */
  164. public $sessionExpiration = 7200;
  165. /**
  166. * --------------------------------------------------------------------------
  167. * Session Save Path
  168. * --------------------------------------------------------------------------
  169. *
  170. * The location to save sessions to and is driver dependent.
  171. *
  172. * For the 'files' driver, it's a path to a writable directory.
  173. * WARNING: Only absolute paths are supported!
  174. *
  175. * For the 'database' driver, it's a table name.
  176. * Please read up the manual for the format with other session drivers.
  177. *
  178. * IMPORTANT: You are REQUIRED to set a valid save path!
  179. *
  180. * @var string
  181. */
  182. public $sessionSavePath = WRITEPATH . 'session';
  183. /**
  184. * --------------------------------------------------------------------------
  185. * Session Match IP
  186. * --------------------------------------------------------------------------
  187. *
  188. * Whether to match the user's IP address when reading the session data.
  189. *
  190. * WARNING: If you're using the database driver, don't forget to update
  191. * your session table's PRIMARY KEY when changing this setting.
  192. *
  193. * @var bool
  194. */
  195. public $sessionMatchIP = false;
  196. /**
  197. * --------------------------------------------------------------------------
  198. * Session Time to Update
  199. * --------------------------------------------------------------------------
  200. *
  201. * How many seconds between CI regenerating the session ID.
  202. *
  203. * @var int
  204. */
  205. public $sessionTimeToUpdate = 300;
  206. /**
  207. * --------------------------------------------------------------------------
  208. * Session Regenerate Destroy
  209. * --------------------------------------------------------------------------
  210. *
  211. * Whether to destroy session data associated with the old session ID
  212. * when auto-regenerating the session ID. When set to FALSE, the data
  213. * will be later deleted by the garbage collector.
  214. *
  215. * @var bool
  216. */
  217. public $sessionRegenerateDestroy = false;
  218. /**
  219. * --------------------------------------------------------------------------
  220. * Cookie Prefix
  221. * --------------------------------------------------------------------------
  222. *
  223. * Set a cookie name prefix if you need to avoid collisions.
  224. *
  225. * @var string
  226. *
  227. * @deprecated use Config\Cookie::$prefix property instead.
  228. */
  229. public $cookiePrefix = '';
  230. /**
  231. * --------------------------------------------------------------------------
  232. * Cookie Domain
  233. * --------------------------------------------------------------------------
  234. *
  235. * Set to `.your-domain.com` for site-wide cookies.
  236. *
  237. * @var string
  238. *
  239. * @deprecated use Config\Cookie::$domain property instead.
  240. */
  241. public $cookieDomain = '';
  242. /**
  243. * --------------------------------------------------------------------------
  244. * Cookie Path
  245. * --------------------------------------------------------------------------
  246. *
  247. * Typically will be a forward slash.
  248. *
  249. * @var string
  250. *
  251. * @deprecated use Config\Cookie::$path property instead.
  252. */
  253. public $cookiePath = '/';
  254. /**
  255. * --------------------------------------------------------------------------
  256. * Cookie Secure
  257. * --------------------------------------------------------------------------
  258. *
  259. * Cookie will only be set if a secure HTTPS connection exists.
  260. *
  261. * @var bool
  262. *
  263. * @deprecated use Config\Cookie::$secure property instead.
  264. */
  265. public $cookieSecure = false;
  266. /**
  267. * --------------------------------------------------------------------------
  268. * Cookie HttpOnly
  269. * --------------------------------------------------------------------------
  270. *
  271. * Cookie will only be accessible via HTTP(S) (no JavaScript).
  272. *
  273. * @var bool
  274. *
  275. * @deprecated use Config\Cookie::$httponly property instead.
  276. */
  277. public $cookieHTTPOnly = true;
  278. /**
  279. * --------------------------------------------------------------------------
  280. * Cookie SameSite
  281. * --------------------------------------------------------------------------
  282. *
  283. * Configure cookie SameSite setting. Allowed values are:
  284. * - None
  285. * - Lax
  286. * - Strict
  287. * - ''
  288. *
  289. * Alternatively, you can use the constant names:
  290. * - `Cookie::SAMESITE_NONE`
  291. * - `Cookie::SAMESITE_LAX`
  292. * - `Cookie::SAMESITE_STRICT`
  293. *
  294. * Defaults to `Lax` for compatibility with modern browsers. Setting `''`
  295. * (empty string) means default SameSite attribute set by browsers (`Lax`)
  296. * will be set on cookies. If set to `None`, `$cookieSecure` must also be set.
  297. *
  298. * @var string|null
  299. *
  300. * @deprecated use Config\Cookie::$samesite property instead.
  301. */
  302. public $cookieSameSite = 'Lax';
  303. /**
  304. * --------------------------------------------------------------------------
  305. * Reverse Proxy IPs
  306. * --------------------------------------------------------------------------
  307. *
  308. * If your server is behind a reverse proxy, you must whitelist the proxy
  309. * IP addresses from which CodeIgniter should trust headers such as
  310. * HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP in order to properly identify
  311. * the visitor's IP address.
  312. *
  313. * You can use both an array or a comma-separated list of proxy addresses,
  314. * as well as specifying whole subnets. Here are a few examples:
  315. *
  316. * Comma-separated: '10.0.1.200,192.168.5.0/24'
  317. * Array: ['10.0.1.200', '192.168.5.0/24']
  318. *
  319. * @var string|string[]
  320. */
  321. public $proxyIPs = '';
  322. /**
  323. * --------------------------------------------------------------------------
  324. * CSRF Token Name
  325. * --------------------------------------------------------------------------
  326. *
  327. * The token name.
  328. *
  329. * @deprecated Use `Config\Security` $tokenName property instead of using this property.
  330. *
  331. * @var string
  332. */
  333. public $CSRFTokenName = 'csrf_test_name';
  334. /**
  335. * --------------------------------------------------------------------------
  336. * CSRF Header Name
  337. * --------------------------------------------------------------------------
  338. *
  339. * The header name.
  340. *
  341. * @deprecated Use `Config\Security` $headerName property instead of using this property.
  342. *
  343. * @var string
  344. */
  345. public $CSRFHeaderName = 'X-CSRF-TOKEN';
  346. /**
  347. * --------------------------------------------------------------------------
  348. * CSRF Cookie Name
  349. * --------------------------------------------------------------------------
  350. *
  351. * The cookie name.
  352. *
  353. * @deprecated Use `Config\Security` $cookieName property instead of using this property.
  354. *
  355. * @var string
  356. */
  357. public $CSRFCookieName = 'csrf_cookie_name';
  358. /**
  359. * --------------------------------------------------------------------------
  360. * CSRF Expire
  361. * --------------------------------------------------------------------------
  362. *
  363. * The number in seconds the token should expire.
  364. *
  365. * @deprecated Use `Config\Security` $expire property instead of using this property.
  366. *
  367. * @var int
  368. */
  369. public $CSRFExpire = 7200;
  370. /**
  371. * --------------------------------------------------------------------------
  372. * CSRF Regenerate
  373. * --------------------------------------------------------------------------
  374. *
  375. * Regenerate token on every submission?
  376. *
  377. * @deprecated Use `Config\Security` $regenerate property instead of using this property.
  378. *
  379. * @var bool
  380. */
  381. public $CSRFRegenerate = true;
  382. /**
  383. * --------------------------------------------------------------------------
  384. * CSRF Redirect
  385. * --------------------------------------------------------------------------
  386. *
  387. * Redirect to previous page with error on failure?
  388. *
  389. * @deprecated Use `Config\Security` $redirect property instead of using this property.
  390. *
  391. * @var bool
  392. */
  393. public $CSRFRedirect = true;
  394. /**
  395. * --------------------------------------------------------------------------
  396. * CSRF SameSite
  397. * --------------------------------------------------------------------------
  398. *
  399. * Setting for CSRF SameSite cookie token. Allowed values are:
  400. * - None
  401. * - Lax
  402. * - Strict
  403. * - ''
  404. *
  405. * Defaults to `Lax` as recommended in this link:
  406. *
  407. * @see https://portswigger.net/web-security/csrf/samesite-cookies
  408. * @deprecated `Config\Cookie` $samesite property is used.
  409. *
  410. * @var string
  411. */
  412. public $CSRFSameSite = 'Lax';
  413. /**
  414. * --------------------------------------------------------------------------
  415. * Content Security Policy
  416. * --------------------------------------------------------------------------
  417. *
  418. * Enables the Response's Content Secure Policy to restrict the sources that
  419. * can be used for images, scripts, CSS files, audio, video, etc. If enabled,
  420. * the Response object will populate default values for the policy from the
  421. * `ContentSecurityPolicy.php` file. Controllers can always add to those
  422. * restrictions at run time.
  423. *
  424. * For a better understanding of CSP, see these documents:
  425. *
  426. * @see http://www.html5rocks.com/en/tutorials/security/content-security-policy/
  427. * @see http://www.w3.org/TR/CSP/
  428. *
  429. * @var bool
  430. */
  431. public $CSPEnabled = false;
  432. }