Skip to content

Commit

Permalink
Update dotmarketing-config.properties (#26967)
Browse files Browse the repository at this point in the history 
The `json.web.token.allowhttp` property had its default changed from `true` to `false` about a year ago, but the comment above it was not updated to match; it still seemed to imply a default of `true`, and encouraged users to change it in a production environment. This could lead to confusion, or worse!

Co-authored-by: erickgonzalez <[email protected]>
  • Loading branch information
@jdcmsd @erickgonzalez
jdcmsd and erickgonzalez authored Jan 30, 2024
1 parent 0b3d121 commit 4a3fb81
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion dotCMS/src/main/resources/dotmarketing-config.properties
View file
Original file line number Diff line number Diff line change
Expand Up @@ -686,7 +686,7 @@ STATIC_PUSH_RETRY_ATTEMPTS=3


# Allow HTTP Authentication
# THIS IS A SECURITY RISK FOR DEVELOPMENT ONLY, CHANGE THIS IN PRODUCTION ENVIRONMENTS
# THIS IS A SECURITY RISK. ADJUSTABLE FOR DEVELOPMENT ONLY; LEAVE FALSE IN PRODUCTION ENVIRONMENT.
json.web.token.allowhttp=false

# Max "Remember Me" Token Age in Days
Expand Down

0 comments on commit 4a3fb81

Please sign in to comment.