| ... |
... |
@@ -1,6 +1,6 @@ |
| 1 |
1 |
{{content/}} |
| 2 |
2 |
|
| 3 |
|
-The file //application.properties// stores several application-wide properties, such as which links are shown on the start page or settings regarding failed logins. |
|
3 |
+The file //application.properties// stores several application-wide properties, such as which links are shown on the start page or settings regarding failed logins. The file can be found in the config directory on the master server. The exact location of the propterties files is listed under System > [[Server information>>doc:Formcycle.SystemSettings.UserInterface.ServerInformation||target="_blank"]] > Used paths > Configuration files. |
| 4 |
4 |
|
| 5 |
5 |
== UI == |
| 6 |
6 |
|
| ... |
... |
@@ -57,6 +57,7 @@ |
| 57 |
57 |
|
| 58 |
58 |
{{table dataTypeAlpha="0" preSort="0-asc" caption="Settings regarding login restrictions"}} |
| 59 |
59 |
|= Property|= Default value|= Explanation |
|
60 |
+|login.duplicated.message.suppress|false|Whether to show a message when a user logs in and another session already exists for the same user. |
| 60 |
60 |
|login.fails.lock.timeout|900 (=15 minutes)|The amount of time in seconds a user needs to wait after using up all their login attempts. If the value is less than {{code language="none"}}60{{/code}}, it is clamped to {{code language="none"}}60{{/code}}. |
| 61 |
61 |
|login.fails.lock.count|5|The number of consecutive failed login attempts before a user is locked out. Set to {{code language="none"}}0{{/code}} for an unlimited amount of attempts. |
| 62 |
62 |
|login.fails.lock.onfullcache|true|Whether the system is locked when the login cache is full. Users cannot login anymore if the system is locked. |
| ... |
... |
@@ -148,6 +148,10 @@ |
| 148 |
148 |
|http.header.hsts.sub|false|Whether the HTTP Strict Transport Security should be applied to sub domains as well. You can also change this setting [[in the system settings menu >>doc:Formcycle.SystemSettings.UserInterface.General.WebHome]]. |
| 149 |
149 |
|http.header.serverid.name |(not available)|Specifies the header name with which the //system.server.id// is written to all requests. If this entry exists but is empty the corresponding header will not be set. If the entry does not exist the default //XFC-Server-Id// is used. |
| 150 |
150 |
|http.param.serverid.name |(not available)|Specifies the name of the URL parameter used to append the //system.server.id// to the form submission URL. If the value is empty or not available, no parameter will be appended. |
|
152 |
+|http.header.csp.backend {{version major="7" minor="2" patch="1" /}}|(empty)|Sets the value for the HTTP headder //Content-Security-Policy// in the backend (configuration UI). You can also edit this value in the backend via the menu System, General. |
|
153 |
+|http.header.csp.frontend {{version major="7" minor="2" patch="1" /}}|(empty)|Sets the value for the HTTP headder //Content-Security-Policy// in the frontend (web form). You can also edit this value in the backend via the menu System, General. |
|
154 |
+|http.header.csp.reportonly.backend {{version major="7" minor="2" patch="1" /}}|(empty)|Sets the value for the HTTP headder //Content-Security-Policy-Report-Only// in the backend (configuration UI). You can also edit this value in the backend via the menu System, General. |
|
155 |
+|http.header.csp.reportonly.frontend {{version major="7" minor="2" patch="1" /}}|(empty)|Sets the value for the HTTP headder //Content-Security-Policy-Report-Only// in the frontend (web forms). You can also edit this value in the backend via the menu System, General. |
| 151 |
151 |
{{/table}} |
| 152 |
152 |
|
| 153 |
153 |
== Debug == |
