diff options
Diffstat (limited to '.env.template')
| -rw-r--r-- | .env.template | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/.env.template b/.env.template index 62ce5258..ff0af609 100644 --- a/.env.template +++ b/.env.template @@ -410,6 +410,14 @@ ## Multiple values must be separated with a whitespace. # ALLOWED_IFRAME_ANCESTORS= +## Allowed connect-src (Know the risks!) +## https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src +## Allows other domains to URLs which can be loaded using script interfaces like the Forwarded email alias feature +## This adds the configured value to the 'Content-Security-Policy' headers 'connect-src' value. +## Multiple values must be separated with a whitespace. And only HTTPS values are allowed. +## Example: "https://my-addy-io.domain.tld https://my-simplelogin.domain.tld" +# ALLOWED_CONNECT_SRC="" + ## Number of seconds, on average, between login requests from the same IP address before rate limiting kicks in. # LOGIN_RATELIMIT_SECONDS=60 ## Allow a burst of requests of up to this size, while maintaining the average indicated by `LOGIN_RATELIMIT_SECONDS`. |