General Settings

This group of settings affects a wide variety of Craft’s features and behaviors. If you are uncertain about whether something is configurable or not, refer to the categories in the table of contents.

General settings go in config/general.php. The config file that ships with new Craft projects (opens new window) looks like this:

use craft\config\GeneralConfig;
use craft\helpers\App;

return GeneralConfig::create()
    ->defaultWeekStartDay(1)
    ->omitScriptNameInUrls()
    ->preloadSingles()
    ->preventUserEnumeration()
    ->aliases([
        '@webroot' => dirname(__DIR__) . '/web',
    ])

A general.php config file is not mandatory; omitting it from your project (or including one but not explicitly configuring a setting) will use Craft’s defaults. The list below describes the default values for each setting.

There are a number of ways to provide configuration. This file uses the new “fluent” syntax, and contains references to environment variables for settings that may change between environments.

# System

# accessibilityDefaults

Allowed types
array (opens new window)
Default value
[ 'alwaysShowFocusRings' => false, 'useShapes' => false, 'underlineLinks' => false, 'disableAutofocus' => false, 'notificationDuration' => 5000, ]
Defined by
GeneralConfig::$accessibilityDefaults (opens new window)
Since
3.6.4

The default user accessibility preferences that should be applied to users that haven’t saved their preferences yet.

# allowAdminChanges

Allowed types
boolean (opens new window)
Default value
true
Defined by
GeneralConfig::$allowAdminChanges (opens new window)
Since
3.1.0

Whether admins should be allowed to make administrative changes to the system.

# allowSimilarTags

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$allowSimilarTags (opens new window)

Whether users should be allowed to create similarly-named tags.

# allowUpdates

Allowed types
boolean (opens new window)
Default value
true
Defined by
GeneralConfig::$allowUpdates (opens new window)

Whether Craft should allow system and plugin updates in the control panel, and plugin installation from the Plugin Store.

# autoLoginAfterAccountActivation

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$autoLoginAfterAccountActivation (opens new window)

Whether users should automatically be logged in after activating their account or resetting their password.

# autosaveDrafts

Allowed types
boolean (opens new window)
Default value
true
Defined by
GeneralConfig::$autosaveDrafts (opens new window)
Since
3.5.6
Deprecated
in 4.0.0

Whether drafts should be saved automatically as they are edited.

# backupOnUpdate

Allowed types
boolean (opens new window)
Default value
true
Defined by
GeneralConfig::$backupOnUpdate (opens new window)

Whether Craft should create a database backup before applying a new system update.

# cacheDuration

Allowed types
mixed
Default value
86400 (1 day)
Defined by
GeneralConfig::$cacheDuration (opens new window)

The default length of time Craft will store data, RSS feed, and template caches.

# cpHeadTags

Allowed types
array (opens new window)
Default value
[]
Defined by
GeneralConfig::$cpHeadTags (opens new window)
Since
3.5.0

List of additional HTML tags that should be included in the <head> of control panel pages.

# defaultCountryCode

Allowed types
string (opens new window)
Default value
'US'
Defined by
GeneralConfig::$defaultCountryCode (opens new window)
Since
4.5.0

The two-letter country code that addresses will be set to by default.

# defaultCpLanguage

Allowed types
string (opens new window), null (opens new window)
Default value
null
Defined by
GeneralConfig::$defaultCpLanguage (opens new window)

The default language the control panel should use for users who haven’t set a preferred language yet.

# defaultCpLocale

Allowed types
string (opens new window), null (opens new window)
Default value
null
Defined by
GeneralConfig::$defaultCpLocale (opens new window)
Since
3.5.0

The default locale the control panel should use for date/number formatting, for users who haven’t set a preferred language or formatting locale.

# defaultDirMode

Allowed types
mixed
Default value
0775
Defined by
GeneralConfig::$defaultDirMode (opens new window)

The default permission to be set for newly-generated directories.

# defaultFileMode

Allowed types
integer (opens new window), null (opens new window)
Default value
null
Defined by
GeneralConfig::$defaultFileMode (opens new window)

The default permission to be set for newly-generated files.

# defaultSearchTermOptions

Allowed types
array (opens new window)
Default value
[]
Defined by
GeneralConfig::$defaultSearchTermOptions (opens new window)

The default options that should be applied to each search term.

# defaultTemplateExtensions

Allowed types
string (opens new window)[]
Default value
[ 'twig', 'html', ]
Defined by
GeneralConfig::$defaultTemplateExtensions (opens new window)

The template file extensions Craft will look for when matching a template path to a file on the front end.

# defaultWeekStartDay

Allowed types
integer (opens new window)
Default value
1 (Monday)
Defined by
GeneralConfig::$defaultWeekStartDay (opens new window)

The default day new users should have set as their Week Start Day.

# devMode

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$devMode (opens new window)

Whether the system should run in Dev Mode (opens new window).

# disabledPlugins

Allowed types
string (opens new window)[], string (opens new window), null (opens new window)
Default value
null
Defined by
GeneralConfig::$disabledPlugins (opens new window)
Since
3.1.9

Array of plugin handles that should be disabled, regardless of what the project config says.

# disabledUtilities

Allowed types
string (opens new window)[]
Default value
[]
Defined by
GeneralConfig::$disabledUtilities (opens new window)
Since
4.6.0

Array of utility IDs that should be disabled.

# disallowRobots

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$disallowRobots (opens new window)
Since
3.5.10

Whether front end requests should respond with X-Robots-Tag: none HTTP headers, indicating that pages should not be indexed, and links on the page should not be followed, by web crawlers.

# enableTemplateCaching

Allowed types
boolean (opens new window)
Default value
true
Defined by
GeneralConfig::$enableTemplateCaching (opens new window)

Whether to enable Craft’s template {% cache %} tag on a global basis.

# errorTemplatePrefix

Allowed types
string (opens new window)
Default value
''
Defined by
GeneralConfig::$errorTemplatePrefix (opens new window)

The prefix that should be prepended to HTTP error status codes when determining the path to look for an error’s template.

# extraAllowedFileExtensions

Allowed types
string (opens new window)[], null (opens new window)
Default value
null
Defined by
GeneralConfig::$extraAllowedFileExtensions (opens new window)

List of file extensions that will be merged into the allowedFileExtensions config setting.

# extraAppLocales

Allowed types
string (opens new window)[], null (opens new window)
Default value
null
Defined by
GeneralConfig::$extraAppLocales (opens new window)
Since
3.0.24

List of extra locale IDs that the application should support, and users should be able to select as their Preferred Language.

# handleCasing

Allowed types
string (opens new window)
Default value
GeneralConfig::CAMEL_CASE
Defined by
GeneralConfig::$handleCasing (opens new window)
Since
3.6.0

The casing to use for autogenerated component handles.

# headlessMode

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$headlessMode (opens new window)
Since
3.3.0

Whether the system should run in Headless Mode, which optimizes the system and control panel for headless CMS implementations.

# httpProxy

Allowed types
string (opens new window), null (opens new window)
Default value
null
Defined by
GeneralConfig::$httpProxy (opens new window)
Since
3.7.0

The proxy server that should be used for outgoing HTTP requests.

# indexTemplateFilenames

Allowed types
string (opens new window)[]
Default value
[ 'index', ]
Defined by
GeneralConfig::$indexTemplateFilenames (opens new window)

The template filenames Craft will look for within a directory to represent the directory’s “index” template when matching a template path to a file on the front end.

# ipHeaders

Allowed types
string (opens new window)[], null (opens new window)
Default value
null
Defined by
GeneralConfig::$ipHeaders (opens new window)

List of headers where proxies store the real client IP.

# isSystemLive

Allowed types
boolean (opens new window), null (opens new window)
Default value
null
Defined by
GeneralConfig::$isSystemLive (opens new window)

Whether the site is currently live. If set to true or false, it will take precedence over the System Status setting in Settings → General.

# limitAutoSlugsToAscii

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$limitAutoSlugsToAscii (opens new window)

Whether non-ASCII characters in auto-generated slugs should be converted to ASCII (i.e. ñ → n).

# localeAliases

Allowed types
array (opens new window)
Default value
[]
Defined by
GeneralConfig::$localeAliases (opens new window)
Since
5.0.0

Custom locale aliases, which will be included when fetching all known locales.

# maxBackups

Allowed types
integer (opens new window), false (opens new window)
Default value
20
Defined by
GeneralConfig::$maxBackups (opens new window)

The number of backups Craft should make before it starts deleting the oldest backups. If set to false, Craft will not delete any backups.

# maxRevisions

Allowed types
integer (opens new window), null (opens new window)
Default value
50
Defined by
GeneralConfig::$maxRevisions (opens new window)
Since
3.2.0

The maximum number of revisions that should be stored for each element.

# maxSlugIncrement

Allowed types
integer (opens new window)
Default value
100
Defined by
GeneralConfig::$maxSlugIncrement (opens new window)

The highest number Craft will tack onto a slug in order to make it unique before giving up and throwing an error.

# partialTemplatesPath

Allowed types
string (opens new window)
Default value
'_partials'
Defined by
GeneralConfig::$partialTemplatesPath (opens new window)
Since
5.0.0

The path within the templates folder where element partial templates will live.

# permissionsPolicyHeader

Allowed types
string (opens new window), null (opens new window)
Default value
null
Defined by
GeneralConfig::$permissionsPolicyHeader (opens new window)
Since
3.6.14

The Permissions-Policy header that should be sent for web responses.

# phpMaxMemoryLimit

Allowed types
string (opens new window), null (opens new window)
Default value
null
Defined by
GeneralConfig::$phpMaxMemoryLimit (opens new window)

The maximum amount of memory Craft will try to reserve during memory-intensive operations such as zipping, unzipping and updating. Defaults to an empty string, which means it will use as much memory as it can.

# preloadSingles

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$preloadSingles (opens new window)
Since
4.4.0

Whether Single section entries should be preloaded for Twig templates.

# previewIframeResizerOptions

Allowed types
array (opens new window)
Default value
[]
Defined by
GeneralConfig::$previewIframeResizerOptions (opens new window)
Since
3.5.0

Custom iFrame Resizer options (opens new window) that should be used for preview iframes.

# privateTemplateTrigger

Allowed types
string (opens new window)
Default value
'_'
Defined by
GeneralConfig::$privateTemplateTrigger (opens new window)

The template path segment prefix that should be used to identify “private” templates, which are templates that are not directly accessible via a matching URL.

# runQueueAutomatically

Allowed types
boolean (opens new window)
Default value
true
Defined by
GeneralConfig::$runQueueAutomatically (opens new window)

Whether Craft should run pending queue jobs automatically when someone visits the control panel.

# safeMode

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$safeMode (opens new window)
Since
4.9.0

Whether the system should run in Safe Mode.

# sameSiteCookieValue

Allowed types
string (opens new window), null (opens new window)
Default value
null
Defined by
GeneralConfig::$sameSiteCookieValue (opens new window)
Since
3.1.33

The SameSite (opens new window) value that should be set on Craft cookies, if any.

# sendContentLengthHeader

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$sendContentLengthHeader (opens new window)
Since
3.7.3

Whether a Content-Length header should be sent with responses.

# sendPoweredByHeader

Allowed types
boolean (opens new window)
Default value
true
Defined by
GeneralConfig::$sendPoweredByHeader (opens new window)

Whether an X-Powered-By: Craft CMS header should be sent, helping services like BuiltWith (opens new window) and Wappalyzer (opens new window) identify that the site is running on Craft.

# slugWordSeparator

Allowed types
string (opens new window)
Default value
'-'
Defined by
GeneralConfig::$slugWordSeparator (opens new window)

The character(s) that should be used to separate words in slugs.

# testToEmailAddress

Allowed types
string (opens new window), array (opens new window), null (opens new window), false (opens new window)
Default value
null
Defined by
GeneralConfig::$testToEmailAddress (opens new window)

Configures Craft to send all system emails to either a single email address or an array of email addresses for testing purposes.

# timezone

Allowed types
string (opens new window), null (opens new window)
Default value
null
Defined by
GeneralConfig::$timezone (opens new window)

The timezone of the site. If set, it will take precedence over the Timezone setting in Settings → General.

# translationDebugOutput

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$translationDebugOutput (opens new window)

Whether translated messages should be wrapped in special characters to help find any strings that are not being run through Craft::t() or the |translate filter.

# useEmailAsUsername

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$useEmailAsUsername (opens new window)

Whether Craft should set users’ usernames to their email addresses, rather than let them set their username separately.

# useFileLocks

Allowed types
boolean (opens new window), null (opens new window)
Default value
null
Defined by
GeneralConfig::$useFileLocks (opens new window)

Whether to grab an exclusive lock on a file when writing to it by using the LOCK_EX flag.

# useIframeResizer

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$useIframeResizer (opens new window)
Since
3.5.5

Whether iFrame Resizer options (opens new window) should be used for Live Preview.

# Environment

# aliases

Allowed types
array (opens new window)
Default value
[]
Defined by
GeneralConfig::$aliases (opens new window)

Any custom Yii aliases (opens new window) that should be defined for every request.

# backupCommand

Allowed types
string (opens new window), null (opens new window), false (opens new window), Closure (opens new window)
Default value
null
Defined by
GeneralConfig::$backupCommand (opens new window)

The shell command that Craft should execute to create a database backup.

# backupCommandFormat

Allowed types
string (opens new window), null (opens new window)
Default value
null
Defined by
GeneralConfig::$backupCommandFormat (opens new window)
Since
4.9.0

The output format to pass to pg_dump when backing up the database.

# buildId

Allowed types
string (opens new window), null (opens new window)
Default value
null
Defined by
GeneralConfig::$buildId (opens new window)
Since
4.0.0

A unique ID representing the current build of the codebase.

# defaultCookieDomain

Allowed types
string (opens new window)
Default value
''
Defined by
GeneralConfig::$defaultCookieDomain (opens new window)

The domain that cookies generated by Craft should be created for. If blank, it will be left up to the browser to determine which domain to use (almost always the current). If you want the cookies to work for all subdomains, for example, you could set this to '.my-project.tld'.

# resourceBasePath

Allowed types
string (opens new window)
Default value
'@webroot/cpresources'
Defined by
GeneralConfig::$resourceBasePath (opens new window)

The path to the root directory that should store published control panel resources.

# resourceBaseUrl

Allowed types
string (opens new window)
Default value
'@web/cpresources'
Defined by
GeneralConfig::$resourceBaseUrl (opens new window)

The URL to the root directory that should store published control panel resources.

# restoreCommand

Allowed types
string (opens new window), null (opens new window), false (opens new window), Closure (opens new window)
Default value
null
Defined by
GeneralConfig::$restoreCommand (opens new window)

The shell command Craft should execute to restore a database backup.

# Routing

# actionTrigger

Allowed types
string (opens new window)
Default value
'actions'
Defined by
GeneralConfig::$actionTrigger (opens new window)

The URI segment Craft should look for when determining if the current request should be routed to a controller action.

# activateAccountSuccessPath

Allowed types
mixed
Default value
''
Defined by
GeneralConfig::$activateAccountSuccessPath (opens new window)

The URI that users without access to the control panel should be redirected to after activating their account.

# addTrailingSlashesToUrls

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$addTrailingSlashesToUrls (opens new window)

Whether auto-generated URLs should have trailing slashes.

# allowUppercaseInSlug

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$allowUppercaseInSlug (opens new window)

Whether uppercase letters should be allowed in slugs.

# baseCpUrl

Allowed types
string (opens new window), null (opens new window)
Default value
null
Defined by
GeneralConfig::$baseCpUrl (opens new window)

The base URL Craft should use when generating control panel URLs.

# cpTrigger

Allowed types
string (opens new window), null (opens new window)
Default value
'admin'
Defined by
GeneralConfig::$cpTrigger (opens new window)

The URI segment Craft should look for when determining if the current request should route to the control panel rather than the front-end website.

# invalidUserTokenPath

Allowed types
mixed
Default value
''
Defined by
GeneralConfig::$invalidUserTokenPath (opens new window)

The URI Craft should redirect to when user token validation fails. A token is used on things like setting and resetting user account passwords. Note that this only affects front-end site requests.

# loginPath

Allowed types
mixed
Default value
'login'
Defined by
GeneralConfig::$loginPath (opens new window)

The URI Craft should use for user login on the front end.

# logoutPath

Allowed types
mixed
Default value
'logout'
Defined by
GeneralConfig::$logoutPath (opens new window)

The URI Craft should use for user logout on the front end.

# omitScriptNameInUrls

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$omitScriptNameInUrls (opens new window)

Whether generated URLs should omit index.php (e.g. http://my-project.tld/path instead of http://my-project.tld/index.php/path)

# pageTrigger

Allowed types
string (opens new window)
Default value
'p'
Defined by
GeneralConfig::$pageTrigger (opens new window)

The string preceding a number which Craft will look for when determining if the current request is for a particular page in a paginated list of pages.

# pathParam

Allowed types
string (opens new window), null (opens new window)
Default value
'p'
Defined by
GeneralConfig::$pathParam (opens new window)

The query string param that Craft will check when determining the request’s path.

# postCpLoginRedirect

Allowed types
mixed
Default value
'dashboard'
Defined by
GeneralConfig::$postCpLoginRedirect (opens new window)

The path users should be redirected to after logging into the control panel.

# postLoginRedirect

Allowed types
mixed
Default value
''
Defined by
GeneralConfig::$postLoginRedirect (opens new window)

The path users should be redirected to after logging in from the front-end site.

# postLogoutRedirect

Allowed types
mixed
Default value
''
Defined by
GeneralConfig::$postLogoutRedirect (opens new window)

The path that users should be redirected to after logging out from the front-end site.

# setPasswordPath

Allowed types
mixed
Default value
'setpassword'
Defined by
GeneralConfig::$setPasswordPath (opens new window)

The URI or URL that Craft should use for Set Password forms on the front end.

# setPasswordRequestPath

Allowed types
mixed
Default value
null
Defined by
GeneralConfig::$setPasswordRequestPath (opens new window)
Since
3.5.14

The URI to the page where users can request to change their password.

# setPasswordSuccessPath

Allowed types
mixed
Default value
''
Defined by
GeneralConfig::$setPasswordSuccessPath (opens new window)

The URI Craft should redirect users to after setting their password from the front end.

# siteToken

Allowed types
string (opens new window)
Default value
'siteToken'
Defined by
GeneralConfig::$siteToken (opens new window)
Since
3.5.0

The query string parameter name that site tokens should be set to.

# tokenParam

Allowed types
string (opens new window)
Default value
'token'
Defined by
GeneralConfig::$tokenParam (opens new window)

The query string parameter name that Craft tokens should be set to.

# usePathInfo

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$usePathInfo (opens new window)

Whether Craft should specify the path using PATH_INFO or as a query string parameter when generating URLs.

# useSslOnTokenizedUrls

Allowed types
boolean (opens new window), string (opens new window)
Default value
'auto'
Defined by
GeneralConfig::$useSslOnTokenizedUrls (opens new window)

Determines what protocol/schema Craft will use when generating tokenized URLs. If set to 'auto', Craft will check the current site’s base URL and the protocol of the current request and if either of them are HTTPS will use https in the tokenized URL. If not, will use http.

# verifyEmailPath

Allowed types
mixed
Default value
'verifyemail'
Defined by
GeneralConfig::$verifyEmailPath (opens new window)
Since
3.4.0

The URI or URL that Craft should use for email verification links on the front end.

# verifyEmailSuccessPath

Allowed types
mixed
Default value
''
Defined by
GeneralConfig::$verifyEmailSuccessPath (opens new window)
Since
3.1.20

The URI that users without access to the control panel should be redirected to after verifying a new email address.

# Session

# phpSessionName

Allowed types
string (opens new window)
Default value
'CraftSessionId'
Defined by
GeneralConfig::$phpSessionName (opens new window)

The name of the PHP session cookie.

# rememberUsernameDuration

Allowed types
mixed
Default value
31536000 (1 year)
Defined by
GeneralConfig::$rememberUsernameDuration (opens new window)

The amount of time Craft will remember a username and pre-populate it on the control panel’s Login page.

# rememberedUserSessionDuration

Allowed types
mixed
Default value
1209600 (14 days)
Defined by
GeneralConfig::$rememberedUserSessionDuration (opens new window)

The amount of time a user stays logged if “Remember Me” is checked on the login page.

# requireMatchingUserAgentForSession

Allowed types
boolean (opens new window)
Default value
true
Defined by
GeneralConfig::$requireMatchingUserAgentForSession (opens new window)

Whether Craft should require a matching user agent string when restoring a user session from a cookie.

# requireUserAgentAndIpForSession

Allowed types
boolean (opens new window)
Default value
true
Defined by
GeneralConfig::$requireUserAgentAndIpForSession (opens new window)

Whether Craft should require the existence of a user agent string and IP address when creating a new user session.

# userSessionDuration

Allowed types
mixed
Default value
3600 (1 hour)
Defined by
GeneralConfig::$userSessionDuration (opens new window)

The amount of time before a user will get logged out due to inactivity.

# Security

# asyncCsrfInputs

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$asyncCsrfInputs (opens new window)
Since
4.9.0

Whether CSRF values should be injected via JavaScript for greater cache-ability.

# blowfishHashCost

Allowed types
integer (opens new window)
Default value
13
Defined by
GeneralConfig::$blowfishHashCost (opens new window)

The higher the cost value, the longer it takes to generate a password hash and to verify against it.

# cooldownDuration

Allowed types
mixed
Default value
300 (5 minutes)
Defined by
GeneralConfig::$cooldownDuration (opens new window)

The amount of time a user must wait before re-attempting to log in after their account is locked due to too many failed login attempts.

# csrfTokenName

Allowed types
string (opens new window)
Default value
'CRAFT_CSRF_TOKEN'
Defined by
GeneralConfig::$csrfTokenName (opens new window)

The name of CSRF token used for CSRF validation if enableCsrfProtection is set to true.

# defaultTokenDuration

Allowed types
mixed
Default value
86400 (1 day)
Defined by
GeneralConfig::$defaultTokenDuration (opens new window)

The default amount of time tokens can be used before expiring.

# deferPublicRegistrationPassword

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$deferPublicRegistrationPassword (opens new window)

By default, Craft requires a front-end “password” field for public user registrations. Setting this to true removes that requirement for the initial registration form.

# elevatedSessionDuration

Allowed types
mixed
Default value
300 (5 minutes)
Defined by
GeneralConfig::$elevatedSessionDuration (opens new window)

The amount of time a user’s elevated session will last, which is required for some sensitive actions (e.g. user group/permission assignment).

# enableBasicHttpAuth

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$enableBasicHttpAuth (opens new window)
Since
3.5.0

Whether front-end web requests should support basic HTTP authentication.

# enableCsrfCookie

Allowed types
boolean (opens new window)
Default value
true
Defined by
GeneralConfig::$enableCsrfCookie (opens new window)

Whether to use a cookie to persist the CSRF token if enableCsrfProtection is enabled. If false, the CSRF token will be stored in session under the csrfTokenName config setting name. Note that while storing CSRF tokens in session increases security, it requires starting a session for every page that a CSRF token is needed, which may degrade site performance.

# enableCsrfProtection

Allowed types
boolean (opens new window)
Default value
true
Defined by
GeneralConfig::$enableCsrfProtection (opens new window)

Whether to enable CSRF protection via hidden form inputs for all forms submitted via Craft.

# invalidLoginWindowDuration

Allowed types
mixed
Default value
3600 (1 hour)
Defined by
GeneralConfig::$invalidLoginWindowDuration (opens new window)

The amount of time to track invalid login attempts for a user, for determining if Craft should lock an account.

# maxInvalidLogins

Allowed types
integer (opens new window), false (opens new window)
Default value
5
Defined by
GeneralConfig::$maxInvalidLogins (opens new window)

The number of invalid login attempts Craft will allow within the specified duration before the account gets locked.

# preventUserEnumeration

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$preventUserEnumeration (opens new window)

When true, Craft will always return a successful response in the “forgot password” flow, making it difficult to enumerate users.

# previewTokenDuration

Allowed types
mixed
Default value
null (1 day)
Defined by
GeneralConfig::$previewTokenDuration (opens new window)
Since
3.7.0

The amount of time content preview tokens can be used before expiring.

# sanitizeCpImageUploads

Allowed types
boolean (opens new window)
Default value
true
Defined by
GeneralConfig::$sanitizeCpImageUploads (opens new window)
Since
3.6.0

Whether images uploaded via the control panel should be sanitized.

# sanitizeSvgUploads

Allowed types
boolean (opens new window)
Default value
true
Defined by
GeneralConfig::$sanitizeSvgUploads (opens new window)

Whether Craft should sanitize uploaded SVG files and strip out potential malicious-looking content.

# secureHeaders

Allowed types
array (opens new window), null (opens new window)
Default value
null
Defined by
GeneralConfig::$secureHeaders (opens new window)

Lists of headers that are, by default, subject to the trusted host configuration.

# secureProtocolHeaders

Allowed types
array (opens new window), null (opens new window)
Default value
null
Defined by
GeneralConfig::$secureProtocolHeaders (opens new window)

List of headers to check for determining whether the connection is made via HTTPS.

# securityKey

Allowed types
string (opens new window)
Default value
''
Defined by
GeneralConfig::$securityKey (opens new window)

A private, random, cryptographically-secure key that is used for hashing and encrypting data in craft\services\Security (opens new window).

# storeUserIps

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$storeUserIps (opens new window)
Since
3.1.0

Whether user IP addresses should be stored/logged by the system.

# trustedHosts

Allowed types
array (opens new window)
Default value
[ 'any', ]
Defined by
GeneralConfig::$trustedHosts (opens new window)

The configuration for trusted security-related headers.

# useSecureCookies

Allowed types
boolean (opens new window), string (opens new window)
Default value
'auto'
Defined by
GeneralConfig::$useSecureCookies (opens new window)

Whether Craft will set the “secure” flag when saving cookies when using Craft::cookieConfig() to create a cookie.

# verificationCodeDuration

Allowed types
mixed
Default value
86400 (1 day)
Defined by
GeneralConfig::$verificationCodeDuration (opens new window)

The amount of time a user verification code can be used before expiring.

# Assets

# allowedFileExtensions

Allowed types
string (opens new window)[]
Default value
[ '7z', 'aiff', 'asc', 'asf', 'avi', 'avif', 'bmp', 'cap', 'cin', 'csv', 'dfxp', 'doc', 'docx', 'dotm', 'dotx', 'fla', 'flv', 'gif', 'gz', 'gzip', 'heic', 'heif', 'hevc', 'itt', 'jp2', 'jpeg', 'jpg', 'jpx', 'js', 'json', 'lrc', 'm2t', 'm4a', 'm4v', 'mcc', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'mpsub', 'ods', 'odt', 'ogg', 'ogv', 'pdf', 'png', 'potx', 'pps', 'ppsm', 'ppsx', 'ppt', 'pptm', 'pptx', 'ppz', 'pxd', 'qt', 'ram', 'rar', 'rm', 'rmi', 'rmvb', 'rt', 'rtf', 'sami', 'sbv', 'scc', 'sdc', 'sitd', 'smi', 'srt', 'stl', 'sub', 'svg', 'swf', 'sxc', 'sxw', 'tar', 'tds', 'tgz', 'tif', 'tiff', 'ttml', 'txt', 'vob', 'vsd', 'vtt', 'wav', 'webm', 'webp', 'wma', 'wmv', 'xls', 'xlsx', 'zip', ]
Defined by
GeneralConfig::$allowedFileExtensions (opens new window)

The file extensions Craft should allow when a user is uploading files.

# convertFilenamesToAscii

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$convertFilenamesToAscii (opens new window)

Whether uploaded filenames with non-ASCII characters should be converted to ASCII (i.e. ñn).

# extraFileKinds

Allowed types
array (opens new window)
Default value
[]
Defined by
GeneralConfig::$extraFileKinds (opens new window)
Since
3.0.37

List of additional file kinds Craft should support. This array will get merged with the one defined in \craft\helpers\Assets::_buildFileKinds().

# filenameWordSeparator

Allowed types
string (opens new window), false (opens new window)
Default value
'-'
Defined by
GeneralConfig::$filenameWordSeparator (opens new window)

The string to use to separate words when uploading assets. If set to false, spaces will be left alone.

# maxUploadFileSize

Allowed types
integer (opens new window), string (opens new window)
Default value
16777216 (16MB)
Defined by
GeneralConfig::$maxUploadFileSize (opens new window)

The maximum upload file size allowed.

# revAssetUrls

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$revAssetUrls (opens new window)
Since
3.7.0

Whether asset URLs should be revved so browsers don’t load cached versions when they’re modified.

# tempAssetUploadFs

Allowed types
string (opens new window), null (opens new window)
Default value
null
Defined by
GeneralConfig::$tempAssetUploadFs (opens new window)
Since
5.0.0

The handle of the filesystem that should be used for storing temporary asset uploads. A local temp folder will be used by default.

# Image Handling

# brokenImagePath

Allowed types
string (opens new window), null (opens new window)
Default value
null
Defined by
GeneralConfig::$brokenImagePath (opens new window)
Since
3.5.0

The server path to an image file that should be sent when responding to an image request with a 404 status code.

# defaultImageQuality

Allowed types
integer (opens new window)
Default value
82
Defined by
GeneralConfig::$defaultImageQuality (opens new window)

The quality level Craft will use when saving JPG and PNG files. Ranges from 1 (worst quality, smallest file) to 100 (best quality, biggest file).

# generateTransformsBeforePageLoad

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$generateTransformsBeforePageLoad (opens new window)

Whether image transforms should be generated before page load.

# imageDriver

Allowed types
mixed
Default value
GeneralConfig::IMAGE_DRIVER_AUTO
Defined by
GeneralConfig::$imageDriver (opens new window)

The image driver Craft should use to cleanse and transform images. By default Craft will use ImageMagick if it’s installed and otherwise fall back to GD. You can explicitly set either 'imagick' or 'gd' here to override that behavior.

# imageEditorRatios

Allowed types
array (opens new window)
Default value
[ 'Unconstrained' => 'none', 'Original' => 'original', 'Square' => 1, '16:9' => 1.78, '10:8' => 1.25, '7:5' => 1.4, '4:3' => 1.33, '5:3' => 1.67, '3:2' => 1.5, ]
Defined by
GeneralConfig::$imageEditorRatios (opens new window)

An array containing the selectable image aspect ratios for the image editor. The array must be in the format of label => ratio, where ratio must be a float or a string. For string values, only values of “none” and “original” are allowed.

# maxCachedCloudImageSize

Allowed types
integer (opens new window)
Default value
2000
Defined by
GeneralConfig::$maxCachedCloudImageSize (opens new window)

The maximum dimension size to use when caching images from external sources to use in transforms. Set to 0 to never cache them.

# optimizeImageFilesize

Allowed types
boolean (opens new window)
Default value
true
Defined by
GeneralConfig::$optimizeImageFilesize (opens new window)

Whether Craft should optimize images for reduced file sizes without noticeably reducing image quality. (Only supported when ImageMagick is used.)

# preserveCmykColorspace

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$preserveCmykColorspace (opens new window)
Since
3.0.8

Whether CMYK should be preserved as the colorspace when manipulating images.

# preserveExifData

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$preserveExifData (opens new window)

Whether the EXIF data should be preserved when manipulating and uploading images.

# preserveImageColorProfiles

Allowed types
boolean (opens new window)
Default value
true
Defined by
GeneralConfig::$preserveImageColorProfiles (opens new window)

Whether the embedded Image Color Profile (ICC) should be preserved when manipulating images.

# rasterizeSvgThumbs

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$rasterizeSvgThumbs (opens new window)
Since
3.6.0

Whether SVG thumbnails should be rasterized.

# rotateImagesOnUploadByExifData

Allowed types
boolean (opens new window)
Default value
true
Defined by
GeneralConfig::$rotateImagesOnUploadByExifData (opens new window)

Whether Craft should rotate images according to their EXIF data on upload.

# transformGifs

Allowed types
boolean (opens new window)
Default value
true
Defined by
GeneralConfig::$transformGifs (opens new window)
Since
3.0.7

Whether GIF files should be cleansed/transformed.

# transformSvgs

Allowed types
boolean (opens new window)
Default value
true
Defined by
GeneralConfig::$transformSvgs (opens new window)
Since
3.7.1

Whether SVG files should be transformed.

# upscaleImages

Allowed types
boolean (opens new window)
Default value
true
Defined by
GeneralConfig::$upscaleImages (opens new window)
Since
3.4.0

Whether image transforms should allow upscaling by default, for images that are smaller than the transform dimensions.

# GraphQL

# allowedGraphqlOrigins

Allowed types
string (opens new window)[], null (opens new window), false (opens new window)
Default value
null
Defined by
GeneralConfig::$allowedGraphqlOrigins (opens new window)
Since
3.5.0

The Ajax origins that should be allowed to access the GraphQL API, if enabled.

# disableGraphqlTransformDirective

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$disableGraphqlTransformDirective (opens new window)
Since
3.6.0

Whether the transform directive should be disabled for the GraphQL API.

# enableGql

Allowed types
boolean (opens new window)
Default value
true
Defined by
GeneralConfig::$enableGql (opens new window)
Since
3.3.1

Whether the GraphQL API should be enabled.

# enableGraphqlCaching

Allowed types
boolean (opens new window)
Default value
true
Defined by
GeneralConfig::$enableGraphqlCaching (opens new window)
Since
3.3.12

Whether Craft should cache GraphQL queries.

# enableGraphqlIntrospection

Allowed types
boolean (opens new window)
Default value
true
Defined by
GeneralConfig::$enableGraphqlIntrospection (opens new window)
Since
3.6.0

Whether GraphQL introspection queries are allowed. Defaults to true and is always allowed in the control panel.

# gqlTypePrefix

Allowed types
string (opens new window)
Default value
''
Defined by
GeneralConfig::$gqlTypePrefix (opens new window)

Prefix to use for all type names returned by GraphQL.

# maxGraphqlBatchSize

Allowed types
integer (opens new window)
Default value
0
Defined by
GeneralConfig::$maxGraphqlBatchSize (opens new window)
Since
4.5.5

The maximum allowed GraphQL queries that can be executed in a single batched request. Set to 0 to allow any number of queries.

# maxGraphqlComplexity

Allowed types
integer (opens new window)
Default value
0
Defined by
GeneralConfig::$maxGraphqlComplexity (opens new window)
Since
3.6.0

The maximum allowed complexity a GraphQL query is allowed to have. Set to 0 to allow any complexity.

# maxGraphqlDepth

Allowed types
integer (opens new window)
Default value
0
Defined by
GeneralConfig::$maxGraphqlDepth (opens new window)
Since
3.6.0

The maximum allowed depth a GraphQL query is allowed to reach. Set to 0 to allow any depth.

# maxGraphqlResults

Allowed types
integer (opens new window)
Default value
0
Defined by
GeneralConfig::$maxGraphqlResults (opens new window)
Since
3.6.0

The maximum allowed results for a single GraphQL query. Set to 0 to disable any limits.

# prefixGqlRootTypes

Allowed types
boolean (opens new window)
Default value
true
Defined by
GeneralConfig::$prefixGqlRootTypes (opens new window)
Since
3.6.6

Whether the gqlTypePrefix config setting should have an impact on query, mutation, and subscription types.

# setGraphqlDatesToSystemTimeZone

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$setGraphqlDatesToSystemTimeZone (opens new window)
Since
3.7.0

Whether dates returned by the GraphQL API should be set to the system time zone by default, rather than UTC.

# Garbage Collection

# purgePendingUsersDuration

Allowed types
mixed
Default value
0
Defined by
GeneralConfig::$purgePendingUsersDuration (opens new window)

The amount of time to wait before Craft purges pending users from the system that have not activated.

# purgeStaleUserSessionDuration

Allowed types
mixed
Default value
7776000 (90 days)
Defined by
GeneralConfig::$purgeStaleUserSessionDuration (opens new window)
Since
3.3.0

The amount of time to wait before Craft purges stale user sessions from the sessions table in the database.

# purgeUnsavedDraftsDuration

Allowed types
mixed
Default value
2592000 (30 days)
Defined by
GeneralConfig::$purgeUnsavedDraftsDuration (opens new window)
Since
3.2.0

The amount of time to wait before Craft purges unpublished drafts that were never updated with content.

# softDeleteDuration

Allowed types
mixed
Default value
2592000 (30 days)
Defined by
GeneralConfig::$softDeleteDuration (opens new window)
Since
3.1.0

The amount of time before a soft-deleted item will be up for hard-deletion by garbage collection.

# Users

# extraLastNamePrefixes

Allowed types
string (opens new window)[]
Default value
[]
Defined by
GeneralConfig::$extraLastNamePrefixes (opens new window)
Since
4.3.0

Any additional last name prefixes that should be supported by the name parser.

# extraNameSalutations

Allowed types
string (opens new window)[]
Default value
[]
Defined by
GeneralConfig::$extraNameSalutations (opens new window)
Since
4.3.0

Any additional name salutations that should be supported by the name parser.

# extraNameSuffixes

Allowed types
string (opens new window)[]
Default value
[]
Defined by
GeneralConfig::$extraNameSuffixes (opens new window)
Since
4.3.0

Any additional name suffixes that should be supported by the name parser.

# showFirstAndLastNameFields

Allowed types
boolean (opens new window)
Default value
false
Defined by
GeneralConfig::$showFirstAndLastNameFields (opens new window)
Since
4.6.0

Whether “First Name” and “Last Name” fields should be shown in place of “Full Name” fields.

Parts of this page are generated or assembled by automations. While we greatly appreciate contributions to the documentation, reporting automated content issues will allow us to fix them at the source!