Skip to content
Closed
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions content/configuration/security-limits.md
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ This page documents environment variables. For in-app security configuration (pe
| `USER_REGISTER_URL_ALLOW_LIST` | List of URLs that can be used as `verification_url` in the `/users/register` endpoint. | |
| `IP_TRUST_PROXY` | Settings for the Express.js trust proxy setting. | false |
| `IP_CUSTOM_HEADER` | What custom request header to use for the IP address. | false |
| `IP_CUSTOM_HEADER_WARNINGS` | Whether to log a warning when `IP_CUSTOM_HEADER` is set but a request does not contain a valid IP in that header. Set to `false` to silence noise from health checks or non-proxied traffic. | `true` |
| `IMPORT_IP_DENY_LIST`<sup>[2]</sup> | Deny importing files from these IP addresses / IP ranges / CIDR blocks. Use `0.0.0.0` to match any local IP address. | `0.0.0.0,169.254.169.254` |
| `HSTS_ENABLED` | Enable the Strict-Transport-Security policy header. When enabled, Directus will send the `Strict-Transport-Security: max-age=15552000; includeSubDomains` header on all responses. | `false` |
| `HSTS_*` | Custom overrides for the Strict-Transport-Security header. See [helmet's documentation](https://helmetjs.github.io). Example: `HSTS_MAX_AGE=63072000` | |
Expand Down
Loading