CodeIgniter4/env

#--------------------------------------------------------------------
# Example Environment Configuration file
#
# This file can be used as a starting point for your own
# custom .env files, and contains most of the possible settings
# available in a default install.
#
# By default, all of the settings are commented out. If you want
# to override the setting, you must un-comment it by removing the '#'
# at the beginning of the line.
#--------------------------------------------------------------------

#--------------------------------------------------------------------
# ENVIRONMENT
#--------------------------------------------------------------------

# CI_ENVIRONMENT = production

#--------------------------------------------------------------------
# APP
#--------------------------------------------------------------------

# app.baseURL = ''
# app.forceGlobalSecureRequests = false

# app.sessionDriver = 'CodeIgniter\Session\Handlers\FileHandler'
# app.sessionCookieName = 'ci_session'
# app.sessionExpiration = 7200
# app.sessionSavePath = null
# app.sessionMatchIP = false
# app.sessionTimeToUpdate = 300
# app.sessionRegenerateDestroy = false

# app.CSPEnabled = false

#--------------------------------------------------------------------
# DATABASE
#--------------------------------------------------------------------

# database.default.hostname = localhost
# database.default.database = ci4
# database.default.username = root
# database.default.password = root
# database.default.DBDriver = MySQLi
# database.default.DBPrefix =

# database.tests.hostname = localhost
# database.tests.database = ci4
# database.tests.username = root
# database.tests.password = root
# database.tests.DBDriver = MySQLi
# database.tests.DBPrefix =

#--------------------------------------------------------------------
# CONTENT SECURITY POLICY
#--------------------------------------------------------------------

# contentsecuritypolicy.reportOnly = false
# contentsecuritypolicy.defaultSrc = 'none'
# contentsecuritypolicy.scriptSrc = 'self'
# contentsecuritypolicy.styleSrc = 'self'
# contentsecuritypolicy.imageSrc = 'self'
# contentsecuritypolicy.baseURI = null
# contentsecuritypolicy.childSrc = null
# contentsecuritypolicy.connectSrc = 'self'
# contentsecuritypolicy.fontSrc = null
# contentsecuritypolicy.formAction = null
# contentsecuritypolicy.frameAncestors = null
# contentsecuritypolicy.frameSrc = null
# contentsecuritypolicy.mediaSrc = null
# contentsecuritypolicy.objectSrc = null
# contentsecuritypolicy.pluginTypes = null
# contentsecuritypolicy.reportURI = null
# contentsecuritypolicy.sandbox = false
# contentsecuritypolicy.upgradeInsecureRequests = false
# contentsecuritypolicy.styleNonceTag = '{csp-style-nonce}'
# contentsecuritypolicy.scriptNonceTag = '{csp-script-nonce}'
# contentsecuritypolicy.autoNonce = true

#--------------------------------------------------------------------
# COOKIE
#--------------------------------------------------------------------

# cookie.prefix = ''
# cookie.expires = 0
# cookie.path = '/'
# cookie.domain = ''
# cookie.secure = false
# cookie.httponly = false
# cookie.samesite = 'Lax'
# cookie.raw = false

#--------------------------------------------------------------------
# ENCRYPTION
#--------------------------------------------------------------------

# encryption.key =
# encryption.driver = OpenSSL
# encryption.blockSize = 16
# encryption.digest = SHA512

#--------------------------------------------------------------------
# HONEYPOT
#--------------------------------------------------------------------

# honeypot.hidden = 'true'
# honeypot.label = 'Fill This Field'
# honeypot.name = 'honeypot'
# honeypot.template = '<label>{label}</label><input type="text" name="{name}" value=""/>'
# honeypot.container = '<div style="display:none">{template}</div>'

#--------------------------------------------------------------------
# SECURITY
#--------------------------------------------------------------------

# security.csrfProtection = 'cookie'
# security.tokenRandomize = false
# security.tokenName = 'csrf_token_name'
# security.headerName = 'X-CSRF-TOKEN'
# security.cookieName = 'csrf_cookie_name'
# security.expires = 7200
# security.regenerate = true
# security.redirect = true
# security.samesite = 'Lax'

#--------------------------------------------------------------------
# LOGGER
#--------------------------------------------------------------------

# logger.threshold = 4

#--------------------------------------------------------------------
# CURLRequest
#--------------------------------------------------------------------

# curlrequest.shareOptions = true
Added basic .env example file with most of the current settings that would be likely to be set. 2016-03-07 21:22:15 -06:00			`#--------------------------------------------------------------------`
			`# Example Environment Configuration file`
			`#`
			`# This file can be used as a starting point for your own`
			`# custom .env files, and contains most of the possible settings`
			`# available in a default install.`
			`#`
			`# By default, all of the settings are commented out. If you want`
			`# to override the setting, you must un-comment it by removing the '#'`
			`# at the beginning of the line.`
			`#--------------------------------------------------------------------`

Add example environment line to /env Seems like maybe an oversight that .env has no seed value for the environment? "Handling Multiple Environments" covers how to set this but is very terse. I propose adding a pre-commented version front-and-center Ref: https://codeigniter4.github.io/userguide/general/environments.html 2019-02-20 11:50:04 -05:00			`#--------------------------------------------------------------------`
			`# ENVIRONMENT`
			`#--------------------------------------------------------------------`

			`# CI_ENVIRONMENT = production`

Added basic .env example file with most of the current settings that would be likely to be set. 2016-03-07 21:22:15 -06:00			`#--------------------------------------------------------------------`
			`# APP`
			`#--------------------------------------------------------------------`

			`# app.baseURL = ''`
			`# app.forceGlobalSecureRequests = false`

			`# app.sessionDriver = 'CodeIgniter\Session\Handlers\FileHandler'`
			`# app.sessionCookieName = 'ci_session'`
Cleanup and adding few configuration items. 2021-03-30 08:13:00 +05:30			`# app.sessionExpiration = 7200`
Update documentation code samples (#5039) 2021-08-30 22:55:10 +08:00			`# app.sessionSavePath = null`
fix typo 2018-02-15 01:24:01 +07:00			`# app.sessionMatchIP = false`
Added basic .env example file with most of the current settings that would be likely to be set. 2016-03-07 21:22:15 -06:00			`# app.sessionTimeToUpdate = 300`
			`# app.sessionRegenerateDestroy = false`

			`# app.CSPEnabled = false`

Added sample database entries to env.example 2016-06-28 22:44:37 -05:00			`#--------------------------------------------------------------------`
			`# DATABASE`
			`#--------------------------------------------------------------------`

			`# database.default.hostname = localhost`
			`# database.default.database = ci4`
			`# database.default.username = root`
			`# database.default.password = root`
			`# database.default.DBDriver = MySQLi`
Cleanup and adding few configuration items. 2021-03-30 08:13:00 +05:30			`# database.default.DBPrefix =`
Added sample database entries to env.example 2016-06-28 22:44:37 -05:00
			`# database.tests.hostname = localhost`
			`# database.tests.database = ci4`
			`# database.tests.username = root`
			`# database.tests.password = root`
			`# database.tests.DBDriver = MySQLi`
Cleanup and adding few configuration items. 2021-03-30 08:13:00 +05:30			`# database.tests.DBPrefix =`
Added sample database entries to env.example 2016-06-28 22:44:37 -05:00
Added basic .env example file with most of the current settings that would be likely to be set. 2016-03-07 21:22:15 -06:00			`#--------------------------------------------------------------------`
			`# CONTENT SECURITY POLICY`
			`#--------------------------------------------------------------------`

			`# contentsecuritypolicy.reportOnly = false`
			`# contentsecuritypolicy.defaultSrc = 'none'`
			`# contentsecuritypolicy.scriptSrc = 'self'`
			`# contentsecuritypolicy.styleSrc = 'self'`
			`# contentsecuritypolicy.imageSrc = 'self'`
config: fix incorrect property name 2021-12-31 13:55:42 +09:00			`# contentsecuritypolicy.baseURI = null`
Added basic .env example file with most of the current settings that would be likely to be set. 2016-03-07 21:22:15 -06:00			`# contentsecuritypolicy.childSrc = null`
			`# contentsecuritypolicy.connectSrc = 'self'`
			`# contentsecuritypolicy.fontSrc = null`
			`# contentsecuritypolicy.formAction = null`
			`# contentsecuritypolicy.frameAncestors = null`
Add support for frame-src to CSP 2020-11-25 10:36:07 -05:00			`# contentsecuritypolicy.frameSrc = null`
Added basic .env example file with most of the current settings that would be likely to be set. 2016-03-07 21:22:15 -06:00			`# contentsecuritypolicy.mediaSrc = null`
			`# contentsecuritypolicy.objectSrc = null`
			`# contentsecuritypolicy.pluginTypes = null`
			`# contentsecuritypolicy.reportURI = null`
			`# contentsecuritypolicy.sandbox = false`
			`# contentsecuritypolicy.upgradeInsecureRequests = false`
feat: custom nonce tags 2021-12-31 13:26:08 +09:00			`# contentsecuritypolicy.styleNonceTag = '{csp-style-nonce}'`
			`# contentsecuritypolicy.scriptNonceTag = '{csp-script-nonce}'`
feat: add config for disabling to replace nonce tag automatically 2021-12-31 14:01:36 +09:00			`# contentsecuritypolicy.autoNonce = true`
Honeypot Implementation - added honeypot config to env 2018-06-05 21:22:57 +01:00
Create Config\Cookie for Cookie class (#4508) 2021-04-10 17:25:16 +02:00			`#--------------------------------------------------------------------`
			`# COOKIE`
			`#--------------------------------------------------------------------`

Remove deprecated settings in main env 2021-04-11 01:17:57 +08:00			`# cookie.prefix = ''`
			`# cookie.expires = 0`
			`# cookie.path = '/'`
			`# cookie.domain = ''`
			`# cookie.secure = false`
Create Config\Cookie for Cookie class (#4508) 2021-04-10 17:25:16 +02:00			`# cookie.httponly = false`
			`# cookie.samesite = 'Lax'`
Remove deprecated settings in main env 2021-04-11 01:17:57 +08:00			`# cookie.raw = false`
Create Config\Cookie for Cookie class (#4508) 2021-04-10 17:25:16 +02:00
Add hex2bin prefix handling for encryption key. Fixes #3297 2020-07-14 21:56:51 +02:00			`#--------------------------------------------------------------------`
			`# ENCRYPTION`
			`#--------------------------------------------------------------------`

Encryption library optimization 2020-07-28 00:04:41 +08:00			`# encryption.key =`
Add hex2bin prefix handling for encryption key. Fixes #3297 2020-07-14 21:56:51 +02:00			`# encryption.driver = OpenSSL`
Apply changes from code review 2020-09-25 16:56:44 +08:00			`# encryption.blockSize = 16`
Encryption library optimization 2020-07-28 00:04:41 +08:00			`# encryption.digest = SHA512`
Add hex2bin prefix handling for encryption key. Fixes #3297 2020-07-14 21:56:51 +02:00
Honeypot Implementation - added honeypot config to env 2018-06-05 21:22:57 +01:00			`#--------------------------------------------------------------------`
			`# HONEYPOT`
			`#--------------------------------------------------------------------`

Update env 2020-07-15 23:00:49 +02:00			`# honeypot.hidden = 'true'`
			`# honeypot.label = 'Fill This Field'`
			`# honeypot.name = 'honeypot'`
			`# honeypot.template = '<label>{label}</label><input type="text" name="{name}" value=""/>'`
Add Honeypot::$container to env 2020-07-16 00:06:11 +08:00			`# honeypot.container = '<div style="display:none">{template}</div>'`
Add Security Configs to .env 2020-12-20 17:58:20 +02:00
			`#--------------------------------------------------------------------`
			`# SECURITY`
			`#--------------------------------------------------------------------`

feat: add Session based CSRF protection 2021-10-12 11:00:39 +09:00			`# security.csrfProtection = 'cookie'`
feat: add CSRF token randomization 2021-11-04 19:10:16 +09:00			`# security.tokenRandomize = false`
Cleanup and adding few configuration items. 2021-03-30 08:13:00 +05:30			`# security.tokenName = 'csrf_token_name'`
Add Security Configs to .env 2020-12-20 17:58:20 +02:00			`# security.headerName = 'X-CSRF-TOKEN'`
			`# security.cookieName = 'csrf_cookie_name'`
Cleanup and adding few configuration items. 2021-03-30 08:13:00 +05:30			`# security.expires = 7200`
Add Security Configs to .env 2020-12-20 17:58:20 +02:00			`# security.regenerate = true`
Cleanup and adding few configuration items. 2021-03-30 08:13:00 +05:30			`# security.redirect = true`
			`# security.samesite = 'Lax'`
config: add logger.threshold in env as comment (#4153) 2021-01-26 16:55:09 +09:00
			`#--------------------------------------------------------------------`
			`# LOGGER`
			`#--------------------------------------------------------------------`

			`# logger.threshold = 4`
config: add curlrequest.shareOptions 2021-10-30 09:55:09 +09:00
			`#--------------------------------------------------------------------`
			`# CURLRequest`
			`#--------------------------------------------------------------------`

			`# curlrequest.shareOptions = true`