diff --git a/conf/settings.json b/conf/settings.json index 2e2540a..6a8c1b6 100644 --- a/conf/settings.json +++ b/conf/settings.json @@ -55,7 +55,7 @@ * * "password": "${PASSW}" // if PASSW is not defined would result in password === null * "password": "${PASSW:}" // if PASSW is not defined would result in password === '' - + * * If you want to use an empty value (null) as default value for a variable, * simply do not set it, without putting any colons: "${ABIWORD}". * @@ -71,10 +71,12 @@ "title": "Etherpad MyPads", /* - * favicon default name - * alternatively, set up a fully specified Url to your own favicon + * Pathname of the favicon you want to use. If null, the skin's favicon is + * used if one is provided by the skin, otherwise the default Etherpad favicon + * is used. If this is a relative path it is interpreted as relative to the + * Etherpad root directory. */ - "favicon": "favicon.ico", + "favicon": null, /* * Skin name. @@ -332,6 +334,24 @@ */ "trustProxy": false, + /* + * Settings controlling the session cookie issued by Etherpad. + */ + "cookie": { + /* + * Value of the SameSite cookie property. "Lax" is recommended unless + * Etherpad will be embedded in an iframe from another site, in which case + * this must be set to "None". Note: "None" will not work (the browser will + * not send the cookie to Etherpad) unless https is used to access Etherpad + * (either directly or via a reverse proxy with "trustProxy" set to true). + * + * "Strict" is not recommended because it has few security benefits but + * significant usability drawbacks vs. "Lax". See + * https://stackoverflow.com/q/41841880 for discussion. + */ + "sameSite": "Lax" + }, + /* * Privacy: disable IP logging */ 
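Review bot: The comment on `sameSite` in the new `cookie` block says when "None" is required but not what it gives up: with "None" the browser attaches the session cookie to cross-site requests again, so the request-forgery mitigation that "Lax" provides is lost. I would add a sentence next to the iframe remark, e.g. `* Only use "None" when embedding is required: it lets other sites send requests that carry the session cookie.` The case against "Strict" rests on a Stack Overflow link alone; a one-line statement of the actual usability drawback in the comment would still be readable if the link goes away.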
@@ -391,6 +411,17 @@ */ "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"], + "socketIo": { + /* + * Maximum permitted client message size (in bytes). All messages from + * clients that are larger than this will be rejected. Large values make it + * possible to paste large amounts of text, and plugins may require a larger + * value to work properly, but increasing the value increases susceptibility + * to denial of service attacks (malicious clients can exhaust memory). + */ + "maxHttpBufferSize": 10000 + }, + /* * Allow Load Testing tools to hit the Etherpad Instance. * @@ -398,6 +429,11 @@ */ "loadTest": false, + /** + * Disable dump of objects preventing a clean exit + */ + "dumpOnUncleanExit": false, + /* * Disable indentation on new line when previous line ends with some special * chars (':', '[', '(', '{') @@ -408,7 +444,7 @@ */ /* - * From Etherpad 1.8.3 onwards, import and export of pads is always rate + * From Etherpad 1.8.3 onwards, import and export of pads is always rate * limited. * * The default is to allow at most 10 requests per IP in a 90 seconds window. @@ -433,7 +469,7 @@ "importMaxFileSize": 52428800, // 50 * 1024 * 1024 /* - * From Etherpad 1.9.0 onwards, when Etherpad is in production mode commits from individual users are rate limited + * From Etherpad 1.8.5 onwards, when Etherpad is in production mode commits from individual users are rate limited * * The default is to allow at most 10 changes per IP in a 1 second window. * After that the change is rejected. @@ -444,10 +480,11 @@ // duration of the rate limit window (seconds) "duration": 1, - // maximum number of chanes per IP to allow during the rate limit window + // maximum number of changes per IP to allow during the rate limit window "points": 10 }, + /* * Toolbar buttons configuration. * @@ -496,7 +533,7 @@ "logconfig" : { "appenders": [ { "type": "console" - , // "category": "access" // only logs pad access + //, "category": "access"// only logs pad access } /* 
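Review bot: The `maxHttpBufferSize` comment in the new `socketIo` block names the denial-of-service trade-off but gives an operator little to judge a safe value by: the cap applies to a single message, so the memory clients can tie up also depends on how many messages and connections are accepted, which this setting does not bound. I would state that in the comment, e.g. `* This limits a single message only; it is not a substitute for rate limiting.`, and point at the per-IP commit rate limit documented further down in this file. The `socketIo` key also has no introductory comment of its own, unlike the `cookie` block added in the same commit.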
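Review bot: The comment above `dumpOnUncleanExit` reads "Disable dump of objects preventing a clean exit", which describes the default value `false` rather than the setting, so an operator cannot tell from it that `true` turns the dump on. I would word it from the key's point of view, `* Whether to dump the objects that prevent a clean exit (debugging aid).`, and open it with `/*` rather than `/**` to match the other comments visible in this diff. Whether the dump can contain pad or session data is not visible in the hunk; if it can, the comment should say so, since the output presumably ends up in logs. The last hunk has the same inversion: "Disable Admin UI tests" sits above `"enableAdminUITests": false`.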
@@ -540,5 +577,8 @@ }, // logconfig /* Override any strings found in locale directories */ - "customLocaleStrings": {} + "customLocaleStrings": {}, + + /* Disable Admin UI tests */ + "enableAdminUITests": false }