<?php namespace Config; use CodeIgniter\Config\BaseConfig; class App extends BaseConfig { /** * -------------------------------------------------------------------------- * Base Site URL * -------------------------------------------------------------------------- * * URL to your CodeIgniter root. Typically this will be your base URL, * WITH a trailing slash: * * http://example.com/ * * If this is not set then CodeIgniter will try guess the protocol, domain * and path to your installation. However, you should always configure this * explicitly and never rely on auto-guessing, especially in production * environments. * * @var string */ public $baseURL = 'http://localhost:8080/'; /** * -------------------------------------------------------------------------- * Index File * -------------------------------------------------------------------------- * * Typically this will be your index.php file, unless you've renamed it to * something else. If you are using mod_rewrite to remove the page set this * variable so that it is blank. * * @var string */ public $indexPage = 'index.php'; /** * -------------------------------------------------------------------------- * URI PROTOCOL * -------------------------------------------------------------------------- * * This item determines which getServer global should be used to retrieve the * URI string. The default setting of 'REQUEST_URI' works for most servers. * If your links do not seem to work, try one of the other delicious flavors: * * 'REQUEST_URI' Uses $_SERVER['REQUEST_URI'] * 'QUERY_STRING' Uses $_SERVER['QUERY_STRING'] * 'PATH_INFO' Uses $_SERVER['PATH_INFO'] * * WARNING: If you set this to 'PATH_INFO', URIs will always be URL-decoded! * * @var string */ public $uriProtocol = 'REQUEST_URI'; /** * -------------------------------------------------------------------------- * Default Locale * -------------------------------------------------------------------------- * * The Locale roughly represents the language and location that your visitor * is viewing the site from. It affects the language strings and other * strings (like currency markers, numbers, etc), that your program * should run under for this request. * * @var string */ public $defaultLocale = 'en'; /** * -------------------------------------------------------------------------- * Negotiate Locale * -------------------------------------------------------------------------- * * If true, the current Request object will automatically determine the * language to use based on the value of the Accept-Language header. * * If false, no automatic detection will be performed. * * @var boolean */ public $negotiateLocale = false; /** * -------------------------------------------------------------------------- * Supported Locales * -------------------------------------------------------------------------- * * If $negotiateLocale is true, this array lists the locales supported * by the application in descending order of priority. If no match is * found, the first locale will be used. * * @var string[] */ public $supportedLocales = ['en']; /** * -------------------------------------------------------------------------- * Application Timezone * -------------------------------------------------------------------------- * * The default timezone that will be used in your application to display * dates with the date helper, and can be retrieved through app_timezone() * * @var string */ public $appTimezone = 'America/Chicago'; /** * -------------------------------------------------------------------------- * Default Character Set * -------------------------------------------------------------------------- * * This determines which character set is used by default in various methods * that require a character set to be provided. * * @see http://php.net/htmlspecialchars for a list of supported charsets. * * @var string */ public $charset = 'UTF-8'; /** * -------------------------------------------------------------------------- * URI PROTOCOL * -------------------------------------------------------------------------- * * If true, this will force every request made to this application to be * made via a secure connection (HTTPS). If the incoming request is not * secure, the user will be redirected to a secure version of the page * and the HTTP Strict Transport Security header will be set. * * @var boolean */ public $forceGlobalSecureRequests = false; /** * -------------------------------------------------------------------------- * Session Driver * -------------------------------------------------------------------------- * * The session storage driver to use: * - `CodeIgniter\Session\Handlers\FileHandler` * - `CodeIgniter\Session\Handlers\DatabaseHandler` * - `CodeIgniter\Session\Handlers\MemcachedHandler` * - `CodeIgniter\Session\Handlers\RedisHandler` * * @var string */ public $sessionDriver = 'CodeIgniter\Session\Handlers\FileHandler'; /** * -------------------------------------------------------------------------- * Session Cookie Name * -------------------------------------------------------------------------- * * The session cookie name, must contain only [0-9a-z_-] characters * * @var string */ public $sessionCookieName = 'ci_session'; /** * -------------------------------------------------------------------------- * Session Expiration * -------------------------------------------------------------------------- * * The number of SECONDS you want the session to last. * Setting to 0 (zero) means expire when the browser is closed. * * @var integer */ public $sessionExpiration = 7200; /** * -------------------------------------------------------------------------- * Session Save Path * -------------------------------------------------------------------------- * * The location to save sessions to and is driver dependent. * * For the 'files' driver, it's a path to a writable directory. * WARNING: Only absolute paths are supported! * * For the 'database' driver, it's a table name. * Please read up the manual for the format with other session drivers. * * IMPORTANT: You are REQUIRED to set a valid save path! * * @var string */ public $sessionSavePath = WRITEPATH . 'session'; /** * -------------------------------------------------------------------------- * Session Match IP * -------------------------------------------------------------------------- * * Whether to match the user's IP address when reading the session data. * * WARNING: If you're using the database driver, don't forget to update * your session table's PRIMARY KEY when changing this setting. * * @var boolean */ public $sessionMatchIP = false; /** * -------------------------------------------------------------------------- * Session Time to Update * -------------------------------------------------------------------------- * * How many seconds between CI regenerating the session ID. * * @var integer */ public $sessionTimeToUpdate = 300; /** * -------------------------------------------------------------------------- * Session Regenerate Destroy * -------------------------------------------------------------------------- * * Whether to destroy session data associated with the old session ID * when auto-regenerating the session ID. When set to FALSE, the data * will be later deleted by the garbage collector. * * @var boolean */ public $sessionRegenerateDestroy = false; /** * -------------------------------------------------------------------------- * Cookie Prefix * -------------------------------------------------------------------------- * * Set a cookie name prefix if you need to avoid collisions. * * @var string */ public $cookiePrefix = ''; /** * -------------------------------------------------------------------------- * Cookie Domain * -------------------------------------------------------------------------- * * Set to `.your-domain.com` for site-wide cookies. * * @var string */ public $cookieDomain = ''; /** * -------------------------------------------------------------------------- * Cookie Path * -------------------------------------------------------------------------- * * Typically will be a forward slash. * * @var string */ public $cookiePath = '/'; /** * -------------------------------------------------------------------------- * Cookie Secure * -------------------------------------------------------------------------- * * Cookie will only be set if a secure HTTPS connection exists. * * @var boolean */ public $cookieSecure = false; /** * -------------------------------------------------------------------------- * Cookie HTTP Only * -------------------------------------------------------------------------- * * Cookie will only be accessible via HTTP(S) (no JavaScript). * * @var boolean */ public $cookieHTTPOnly = false; /** * -------------------------------------------------------------------------- * Cookie SameSite * -------------------------------------------------------------------------- * * Configure cookie SameSite setting. Allowed values are: * - None * - Lax * - Strict * - '' * * Defaults to `Lax` for compatibility with modern browsers. Setting `''` * (empty string) means no SameSite attribute will be set on cookies. If * set to `None`, `$cookieSecure` must also be set. * * @var string 'Lax'|'None'|'Strict' */ public $cookieSameSite = 'Lax'; /** * -------------------------------------------------------------------------- * Reverse Proxy IPs * -------------------------------------------------------------------------- * * If your server is behind a reverse proxy, you must whitelist the proxy * IP addresses from which CodeIgniter should trust headers such as * HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP in order to properly identify * the visitor's IP address. * * You can use both an array or a comma-separated list of proxy addresses, * as well as specifying whole subnets. Here are a few examples: * * Comma-separated: '10.0.1.200,192.168.5.0/24' * Array: ['10.0.1.200', '192.168.5.0/24'] * * @var string|string[] */ public $proxyIPs = ''; /** * -------------------------------------------------------------------------- * CSRF Token Name * -------------------------------------------------------------------------- * * The token name. * * @deprecated Use `Config\Security` $tokenName property instead of using this property. * * @var string */ public $CSRFTokenName = 'csrf_test_name'; /** * -------------------------------------------------------------------------- * CSRF Header Name * -------------------------------------------------------------------------- * * The header name. * * @deprecated Use `Config\Security` $headerName property instead of using this property. * * @var string */ public $CSRFHeaderName = 'X-CSRF-TOKEN'; /** * -------------------------------------------------------------------------- * CSRF Cookie Name * -------------------------------------------------------------------------- * * The cookie name. * * @deprecated Use `Config\Security` $cookieName property instead of using this property. * * @var string */ public $CSRFCookieName = 'csrf_cookie_name'; /** * -------------------------------------------------------------------------- * CSRF Expire * -------------------------------------------------------------------------- * * The number in seconds the token should expire. * * @deprecated Use `Config\Security` $expire property instead of using this property. * * @var integer */ public $CSRFExpire = 7200; /** * -------------------------------------------------------------------------- * CSRF Regenerate * -------------------------------------------------------------------------- * * Regenerate token on every submission? * * @deprecated Use `Config\Security` $regenerate property instead of using this property. * * @var boolean */ public $CSRFRegenerate = true; /** * -------------------------------------------------------------------------- * CSRF Redirect * -------------------------------------------------------------------------- * * Redirect to previous page with error on failure? * * @deprecated Use `Config\Security` $redirect property instead of using this property. * * @var boolean */ public $CSRFRedirect = true; /** * -------------------------------------------------------------------------- * CSRF SameSite * -------------------------------------------------------------------------- * * Setting for CSRF SameSite cookie token. Allowed values are: * - None * - Lax * - Strict * - '' * * Defaults to `Lax` as recommended in this link: * * @see https://portswigger.net/web-security/csrf/samesite-cookies * * @deprecated Use `Config\Security` $samesite property instead of using this property. * * @var string */ public $CSRFSameSite = 'Lax'; /** * -------------------------------------------------------------------------- * Content Security Policy * -------------------------------------------------------------------------- * * Enables the Response's Content Secure Policy to restrict the sources that * can be used for images, scripts, CSS files, audio, video, etc. If enabled, * the Response object will populate default values for the policy from the * `ContentSecurityPolicy.php` file. Controllers can always add to those * restrictions at run time. * * For a better understanding of CSP, see these documents: * * @see http://www.html5rocks.com/en/tutorials/security/content-security-policy/ * @see http://www.w3.org/TR/CSP/ * * @var boolean */ public $CSPEnabled = false; }