Skip to content

Commit

Permalink
Update docs for DISABLE_QUERY_AUTH_TOKEN (go-gitea#28485)
Browse files Browse the repository at this point in the history 
As described
[here](go-gitea#28390 (comment)).
  • Loading branch information
@kdumontnu @fuxiaohei
kdumontnu authored and fuxiaohei committed Jan 17, 2024
1 parent d4adcfe commit d936bb6
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions docs/content/administration/config-cheat-sheet.en-us.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -572,6 +572,7 @@ And the following unique queues:
- off - do not check password complexity
- `PASSWORD_CHECK_PWN`: **false**: Check [HaveIBeenPwned](https://haveibeenpwned.com/Passwords) to see if a password has been exposed.
- `SUCCESSFUL_TOKENS_CACHE_SIZE`: **20**: Cache successful token hashes. API tokens are stored in the DB as pbkdf2 hashes however, this means that there is a potentially significant hashing load when there are multiple API operations. This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security.
- `DISABLE_QUERY_AUTH_TOKEN`: **false**: Reject API tokens sent in URL query string (Accept Header-based API tokens only). This setting will default to `true` in Gitea 1.23 and be deprecated in Gitea 1.24.

## Camo (`camo`)

Expand Down

0 comments on commit d936bb6

Please sign in to comment.