play.play_2.11.2.5.4.source-code.reference.conf Maven / Gradle / Ivy
#
# Copyright (C) 2009-2016 Lightbend Inc.
#
# Reference configuration for Play
#default timeout for promises
# @richdougherty: Is this used any more?
promise.akka.actor.typed.timeout=5s
play {
http {
# The application context.
# Must start with /.
context = "/"
# The error handler.
# Used by Play's built in DI support to locate and bind a request handler. Must be the FQCN of a Play router.
# If null, will attempt to load a class called Routes in the root package, otherwise if that's not found, an empty
# router will be bound.
router = null
# The request handler.
# Used by Play's built in DI support to locate and bind a request handler. Must be one of the following:
# - A FQCN that implements play.api.http.HttpRequestHandler (Scala).
# - A FQCN that implements play.http.HttpRequestHandler (Java).
# - provided, indicates that the application has bound an instance of play.api.http.HttpRequestHandler through some
# other mechanism.
# If null, will attempt to load a class called RequestHandler in the root package, otherwise if that's
# not found, will default to play.api.http.JavaCompatibleHttpRequestHandler.
requestHandler = null
# The request handler.
# Used by Play's built in DI support to locate and bind a request handler. Must be one of the following:
# - A FQCN that implements play.http.ActionCreator (Java).
# If null, will attempt to load a class called ActionCreator in the root package, otherwise if that's
# not found, will default to play.http.DefaultActionCreator.
actionCreator = null
# The error handler.
# Used by Play's built in DI support to locate and bind an error handler. Must be one of the following:
# - A FQCN that implements play.api.http.HttpErrorHandler (Scala).
# - A FQCN that implements play.http.HttpErrorHandler (Java).
# - provided, indicates that the application has bound an instance of play.api.http.HttpErrorHandler through some
# other mechanism.
# If null, will attempt to load a class called ErrorHandler in the root package, otherwise if that's
# not found, will default to play.api.http.GlobalSettingsHttpErrorHandler, which delegates to legacy error handling
# methods on Global.
errorHandler = null
# The filters.
# Used by Play's built in DI support to locate and bind a class to provide filters. Must be one of the following:
# - A FQCN that implements play.api.http.HttpFilters (Scala).
# - A FQCN that implements play.http.HttpFilters (Java).
# - provided, indicates that the application has bound an instance of play.api.http.HttpFilters through some
# other mechanism.
# If null, will attempt to load a class called Filters in the root package, otherwise if that's not found, will
# default to play.api.http.NoHttpFilters, which provides no filters.
filters = null
# Forwarded header configuration
# Play supports various forwarded headers used by proxies to indicate the incoming IP address and protocol of
# requests. Play uses this in the implementation of the RequestHeader.remoteAddress and RequestHeader.secure
# fields.
forwarded = {
# The version of forwarded headers to use.
# Valid values are x-forwarded and rfc7239.
# x-forwarded uses the de facto standard X-Forwarded-For and X-Forwarded-Proto headers to determine the correct
# remote address and protocol for the request. These headers are widely used, however, they have some serious
# limitations, for example, if you have multiple proxies, and only one of them adds the X-Forwarded-Proto header,
# it's impossible to reliably determine which proxy added it and therefore whether the request from the client
# was made using https or http. rfc7239 uses the new Forwarded header standard, and solves many of the
# limitations of the X-Forwarded-* headers.
version = "x-forwarded"
# The trusted proxies.
# Trusted proxies may either be individual IPv4 or IPv6 addresses, or be IPv4 or IPv6 CIDR address ranges.
# This is used to prevent IP address spoofing. Multiple proxies can add and append to the forwarded headers,
# including the client, which could masquerade as a proxy proxying requests on behalf of another client. Play
# will validate that the incoming request IP, and all forwarded headers match the addresses in this list, and will
# present the first untrusted IP address that it finds (or if all addresses are trusted, the last address) to the
# application.
# Note that a number of cloud hosting platforms, most notably AWS, make no guarantees as to what IP addresses
# their proxies will make requests from. If this is the case, in order for Play to respect the forwarded headers,
# you need to trust all IP addresses, therefore making it possible for clients to spoof the incoming address.
# To trust all IP addresses, set this to ["0.0.0.0/0", "::/0"].
trustedProxies = ["127.0.0.1", "::1"]
}
# Parsing configuration
parser = {
# The maximum amount of a request body that should be buffered into memory
maxMemoryBuffer = 100k
# The maximum amount of a request body that should be buffered into disk
maxDiskBuffer = 10m
}
# Action composition configuration
actionComposition = {
# If annotations put directly on Controller classes should be executed before the ones put on action methods
controllerAnnotationsFirst = false
# If the action returned by the action creator should be executed before the action composition ones
executeActionCreatorActionFirst = false
}
# Cookies configuration
cookies = {
# Whether strict cookie parsing should be used. If true, will ignore the entire cookie header if a single invalid
# cookie is found, otherwise, will just ignore the invalid cookie if an invalid cookie is found. The reason
# dropping the entire header may be useful is that browsers don't make any attempt to validate cookie values,
# which may open opportunities for an attacker to trigger some edge case in the parser to steal cookie
# information. By dropping the entire header, this makes it harder to exploit edge cases.
strict = true
}
# Session configuration
session = {
# The cookie name
cookieName = "PLAY_SESSION"
# Whether the secure attribute of the cookie should be set to true
secure = false
# The max age to set on the cookie.
# If null, session cookies are used (that is, the cookie expires when the user closes their browser).
# An important thing to note, this only sets when the browser will discard the cookie. Play will consider any
# cookie value with a valid signature to be a valid session forever. To implement a server side session timeout,
# you need to put a timestamp in the session and check it at regular intervals to possibly expire it.
maxAge = null
# Whether the HTTP only attribute of the cookie should be set to true
httpOnly = true
# The domain to set on the session cookie
# If null, does not set a domain on the session cookie.
domain = null
}
# Flash configuration
flash = {
# The cookie name
cookieName = "PLAY_FLASH"
# Whether the flash cookie should be secure or not
secure = false
# Whether the HTTP only attribute of the cookie should be set to true
httpOnly = true
}
}
# The ApplicationLoader to use for creating the Application.
application.loader = "play.api.inject.guice.GuiceApplicationLoader"
modules {
# The enabled modules that should be automatically loaded.
enabled += "play.api.inject.BuiltinModule"
enabled += "play.api.i18n.I18nModule"
# A way to disable modules that are automatically enabled
disabled = []
}
# Internationalisation configuration
i18n {
# The languages supported by this application
langs = []
# A path to prefix message file loading with. Use this if you want to place your messages resources at some path
# other than the root application path.
path = null
# The name of the cookie to store the Play language in. This cookie is set when Langs.setLang is invoked, and
# read when the preferred lang is loaded.
langCookieName = "PLAY_LANG"
# Whether the language cookie should be secure or not
langCookieSecure = false
# Whether the HTTP only attribute of the cookie should be set to true
langCookieHttpOnly = false
}
akka {
# The name of the actor system that Play creates
actor-system = "application"
# How long Play should wait for Akka to shutdown before timing it. If null, waits indefinitely.
shutdown-timeout = null
# The location to read Play's Akka configuration from
config = "akka"
# The blocking IO dispatcher, used for serving files/resources from the file system or classpath.
blockingIoDispatcher {
fork-join-executor {
parallelism-factor = 3.0
}
}
# The dev mode actor system. Play typically uses the application actor system, however, in dev mode, an actor
# system is needed that outlives the application actor system, since the HTTP server will need to use this, and it
# lives through many application (and therefore actor system) restarts.
dev-mode {
# Turn off dead letters until Akka HTTP server is stable
log-dead-letters = off
# Disable Akka-HTTP's transparent HEAD handling. so that play's HEAD handling can take action
http.server.transparent-head-requests = false
}
}
# Crypto configuration
crypto {
# The application secret. Must be set. A value of "changeme" will cause the application to fail to start in
# production.
secret = "changeme"
# The JCE provider to use. If null, uses the platform default.
provider = null
aes {
transformation = "AES/CTR/NoPadding"
}
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy