464 lines
16 KiB
PHP
464 lines
16 KiB
PHP
<?php
|
|
|
|
namespace Config;
|
|
|
|
use CodeIgniter\Config\BaseConfig;
|
|
|
|
class App extends BaseConfig
|
|
{
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Base Site URL
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* URL to your CodeIgniter root. Typically this will be your base URL,
|
|
* WITH a trailing slash:
|
|
*
|
|
* http://example.com/
|
|
*
|
|
* If this is not set then CodeIgniter will try guess the protocol, domain
|
|
* and path to your installation. However, you should always configure this
|
|
* explicitly and never rely on auto-guessing, especially in production
|
|
* environments.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $baseURL = 'http://localhost/';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Index File
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* Typically this will be your index.php file, unless you've renamed it to
|
|
* something else. If you are using mod_rewrite to remove the page set this
|
|
* variable so that it is blank.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $indexPage = '';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* URI PROTOCOL
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* This item determines which getServer global should be used to retrieve the
|
|
* URI string. The default setting of 'REQUEST_URI' works for most servers.
|
|
* If your links do not seem to work, try one of the other delicious flavors:
|
|
*
|
|
* 'REQUEST_URI' Uses $_SERVER['REQUEST_URI']
|
|
* 'QUERY_STRING' Uses $_SERVER['QUERY_STRING']
|
|
* 'PATH_INFO' Uses $_SERVER['PATH_INFO']
|
|
*
|
|
* WARNING: If you set this to 'PATH_INFO', URIs will always be URL-decoded!
|
|
*
|
|
* @var string
|
|
*/
|
|
public $uriProtocol = 'REQUEST_URI';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Default Locale
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* The Locale roughly represents the language and location that your visitor
|
|
* is viewing the site from. It affects the language strings and other
|
|
* strings (like currency markers, numbers, etc), that your program
|
|
* should run under for this request.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $defaultLocale = 'en';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Negotiate Locale
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* If true, the current Request object will automatically determine the
|
|
* language to use based on the value of the Accept-Language header.
|
|
*
|
|
* If false, no automatic detection will be performed.
|
|
*
|
|
* @var bool
|
|
*/
|
|
public $negotiateLocale = false;
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Supported Locales
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* If $negotiateLocale is true, this array lists the locales supported
|
|
* by the application in descending order of priority. If no match is
|
|
* found, the first locale will be used.
|
|
*
|
|
* @var string[]
|
|
*/
|
|
public $supportedLocales = ['en'];
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Application Timezone
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* The default timezone that will be used in your application to display
|
|
* dates with the date helper, and can be retrieved through app_timezone()
|
|
*
|
|
* @var string
|
|
*/
|
|
public $appTimezone = 'Europe/Madrid';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Default Character Set
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* This determines which character set is used by default in various methods
|
|
* that require a character set to be provided.
|
|
*
|
|
* @see http://php.net/htmlspecialchars for a list of supported charsets.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $charset = 'UTF-8';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* URI PROTOCOL
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* If true, this will force every request made to this application to be
|
|
* made via a secure connection (HTTPS). If the incoming request is not
|
|
* secure, the user will be redirected to a secure version of the page
|
|
* and the HTTP Strict Transport Security header will be set.
|
|
*
|
|
* @var bool
|
|
*/
|
|
public $forceGlobalSecureRequests = false;
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Session Driver
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* The session storage driver to use:
|
|
* - `CodeIgniter\Session\Handlers\FileHandler`
|
|
* - `CodeIgniter\Session\Handlers\DatabaseHandler`
|
|
* - `CodeIgniter\Session\Handlers\MemcachedHandler`
|
|
* - `CodeIgniter\Session\Handlers\RedisHandler`
|
|
*
|
|
* @var string
|
|
*/
|
|
public $sessionDriver = 'CodeIgniter\Session\Handlers\FileHandler';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Session Cookie Name
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* The session cookie name, must contain only [0-9a-z_-] characters
|
|
*
|
|
* @var string
|
|
*/
|
|
public $sessionCookieName = 'ci_session';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Session Expiration
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* The number of SECONDS you want the session to last.
|
|
* Setting to 0 (zero) means expire when the browser is closed.
|
|
*
|
|
* @var int
|
|
*/
|
|
public $sessionExpiration = 7200;
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Session Save Path
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* The location to save sessions to and is driver dependent.
|
|
*
|
|
* For the 'files' driver, it's a path to a writable directory.
|
|
* WARNING: Only absolute paths are supported!
|
|
*
|
|
* For the 'database' driver, it's a table name.
|
|
* Please read up the manual for the format with other session drivers.
|
|
*
|
|
* IMPORTANT: You are REQUIRED to set a valid save path!
|
|
*
|
|
* @var string
|
|
*/
|
|
public $sessionSavePath = WRITEPATH . 'session';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Session Match IP
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* Whether to match the user's IP address when reading the session data.
|
|
*
|
|
* WARNING: If you're using the database driver, don't forget to update
|
|
* your session table's PRIMARY KEY when changing this setting.
|
|
*
|
|
* @var bool
|
|
*/
|
|
public $sessionMatchIP = false;
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Session Time to Update
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* How many seconds between CI regenerating the session ID.
|
|
*
|
|
* @var int
|
|
*/
|
|
public $sessionTimeToUpdate = 300;
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Session Regenerate Destroy
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* Whether to destroy session data associated with the old session ID
|
|
* when auto-regenerating the session ID. When set to FALSE, the data
|
|
* will be later deleted by the garbage collector.
|
|
*
|
|
* @var bool
|
|
*/
|
|
public $sessionRegenerateDestroy = false;
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Cookie Prefix
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* Set a cookie name prefix if you need to avoid collisions.
|
|
*
|
|
* @var string
|
|
*
|
|
* @deprecated use Config\Cookie::$prefix property instead.
|
|
*/
|
|
public $cookiePrefix = '';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Cookie Domain
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* Set to `.your-domain.com` for site-wide cookies.
|
|
*
|
|
* @var string
|
|
*
|
|
* @deprecated use Config\Cookie::$domain property instead.
|
|
*/
|
|
public $cookieDomain = '';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Cookie Path
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* Typically will be a forward slash.
|
|
*
|
|
* @var string
|
|
*
|
|
* @deprecated use Config\Cookie::$path property instead.
|
|
*/
|
|
public $cookiePath = '/';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Cookie Secure
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* Cookie will only be set if a secure HTTPS connection exists.
|
|
*
|
|
* @var bool
|
|
*
|
|
* @deprecated use Config\Cookie::$secure property instead.
|
|
*/
|
|
public $cookieSecure = false;
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Cookie HttpOnly
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* Cookie will only be accessible via HTTP(S) (no JavaScript).
|
|
*
|
|
* @var bool
|
|
*
|
|
* @deprecated use Config\Cookie::$httponly property instead.
|
|
*/
|
|
public $cookieHTTPOnly = true;
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Cookie SameSite
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* Configure cookie SameSite setting. Allowed values are:
|
|
* - None
|
|
* - Lax
|
|
* - Strict
|
|
* - ''
|
|
*
|
|
* Alternatively, you can use the constant names:
|
|
* - `Cookie::SAMESITE_NONE`
|
|
* - `Cookie::SAMESITE_LAX`
|
|
* - `Cookie::SAMESITE_STRICT`
|
|
*
|
|
* Defaults to `Lax` for compatibility with modern browsers. Setting `''`
|
|
* (empty string) means default SameSite attribute set by browsers (`Lax`)
|
|
* will be set on cookies. If set to `None`, `$cookieSecure` must also be set.
|
|
*
|
|
* @var string
|
|
*
|
|
* @deprecated use Config\Cookie::$samesite property instead.
|
|
*/
|
|
public $cookieSameSite = 'Lax';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Reverse Proxy IPs
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* If your server is behind a reverse proxy, you must whitelist the proxy
|
|
* IP addresses from which CodeIgniter should trust headers such as
|
|
* HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP in order to properly identify
|
|
* the visitor's IP address.
|
|
*
|
|
* You can use both an array or a comma-separated list of proxy addresses,
|
|
* as well as specifying whole subnets. Here are a few examples:
|
|
*
|
|
* Comma-separated: '10.0.1.200,192.168.5.0/24'
|
|
* Array: ['10.0.1.200', '192.168.5.0/24']
|
|
*
|
|
* @var string|string[]
|
|
*/
|
|
public $proxyIPs = '';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* CSRF Token Name
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* The token name.
|
|
*
|
|
* @deprecated Use `Config\Security` $tokenName property instead of using this property.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $CSRFTokenName = 'csrf_test_name';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* CSRF Header Name
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* The header name.
|
|
*
|
|
* @deprecated Use `Config\Security` $headerName property instead of using this property.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $CSRFHeaderName = 'X-CSRF-TOKEN';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* CSRF Cookie Name
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* The cookie name.
|
|
*
|
|
* @deprecated Use `Config\Security` $cookieName property instead of using this property.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $CSRFCookieName = 'csrf_cookie_name';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* CSRF Expire
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* The number in seconds the token should expire.
|
|
*
|
|
* @deprecated Use `Config\Security` $expire property instead of using this property.
|
|
*
|
|
* @var int
|
|
*/
|
|
public $CSRFExpire = 7200;
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* CSRF Regenerate
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* Regenerate token on every submission?
|
|
*
|
|
* @deprecated Use `Config\Security` $regenerate property instead of using this property.
|
|
*
|
|
* @var bool
|
|
*/
|
|
public $CSRFRegenerate = true;
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* CSRF Redirect
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* Redirect to previous page with error on failure?
|
|
*
|
|
* @deprecated Use `Config\Security` $redirect property instead of using this property.
|
|
*
|
|
* @var bool
|
|
*/
|
|
public $CSRFRedirect = true;
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* CSRF SameSite
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* Setting for CSRF SameSite cookie token. Allowed values are:
|
|
* - None
|
|
* - Lax
|
|
* - Strict
|
|
* - ''
|
|
*
|
|
* Defaults to `Lax` as recommended in this link:
|
|
*
|
|
* @see https://portswigger.net/web-security/csrf/samesite-cookies
|
|
* @deprecated Use `Config\Security` $samesite property instead of using this property.
|
|
*
|
|
* @var string
|
|
*/
|
|
public $CSRFSameSite = 'Lax';
|
|
|
|
/**
|
|
* --------------------------------------------------------------------------
|
|
* Content Security Policy
|
|
* --------------------------------------------------------------------------
|
|
*
|
|
* Enables the Response's Content Secure Policy to restrict the sources that
|
|
* can be used for images, scripts, CSS files, audio, video, etc. If enabled,
|
|
* the Response object will populate default values for the policy from the
|
|
* `ContentSecurityPolicy.php` file. Controllers can always add to those
|
|
* restrictions at run time.
|
|
*
|
|
* For a better understanding of CSP, see these documents:
|
|
*
|
|
* @see http://www.html5rocks.com/en/tutorials/security/content-security-policy/
|
|
* @see http://www.w3.org/TR/CSP/
|
|
*
|
|
* @var bool
|
|
*/
|
|
public $CSPEnabled = false;
|
|
}
|