config.yml
Last updated on June 26, 2024.
Config is used to control or modify the behavior of the application. The file is located in .
flag | default value | Explanation |
| |
: The system automatically appends the parameter if the authorization policy fails and a redirect has been set up.
: The system does not append the parameter. |
|
|
: Every variable is treated as HTML, sanitized, and corrected before it is output. This setting is not ideal because it can change the expected output.
: The output is escaped, not sanitized. |
|
|
Defines the system behavior when the argument type in the GraphQL query is wrong. Possible values:
: Display a warning message in the log.
: Raise an error; do not allow the query to be deployed.
: Silently ignore the error.
|
|
|
The system runs static analysis when you deploy or sync Liquid files. This configuration defines the system behavior whenever an unknown filter is detected. Possible values:
: Display a warning message in the log.
: Raise an error; do not deploy the Liquid file(s).
|
|
|
: Liquid runtime errors are displayed inline and the code is run despite the errors.
: The '500' page is raised and code execution stops whenever the system encounters a Liquid error, such as a failure to parse a JSON file or an invalid argument passed to a GraphQL query.
|
|
|
: The argument for the mutation is optional by default. This configuration can lead to security issues if the type of the record is not explicitly checked before the mutation is executed.
: Makes the attribute required.
|
|
|
: The filter (where serves as an alias) marks the output as html_safe. While this setup is convenient, it can expose the system to XSS vulnerability risks if user input is passed as a variable, as the input can be made to contain and execute malicious JavaScript. In such cases, it's advisable to explicitly use another filter, (or ).
: The system automatically utilizes the equivalent of whenever a variable is provided to the translation key, thereby enhancing application security by default.
|
|
|
If the argument is not used in queries for or , it is possible to boost performance by preventing data indexing in . This enhancement can be achieved by setting the flag to .
|
|
|
:
A page with slug matches not only URLs like , but also URLs such as and . You can control this behavior using the property. Please refer to our documentation on Available properties for pages.
: Considering our example page slug , only an exact match i.e. is matched. Additionally, you are able to use named parameters in the URLs, such as .
|
|
|
:
The websocket connection does not check the CSRF token.
:
The websocket connections require that a CSRF token be passed as one of the parameters, enhancing the application's security.
|
|
|
Allows you to set up mandatory password protection. This configuration is useful when you want to restrict the site to users who have the correct password. |
|
|
Allows you to provide a list of module names for which missing files are removed upon deployment of the module. By default, deploying a module does not delete any files, because developers may prefer to download all of the source code and overwrite only selected files. Note that if the module is listed and is enabled, users can also remove the files from the Instance by removing them in their filesystem.
|
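The two modes of the translation flag in the table above, as an added Ruby example (not Insites code): the `translate` helper, the `%{name}` placeholder syntax and the sample strings are assumptions constructed for illustration.

```ruby
require "erb"

# Constructed translation entry: the markup belongs to the translation itself
# and is trusted; only the interpolated variable comes from the user.
TRANSLATIONS = { "greeting" => "<strong>Welcome, %{name}!</strong>" }.freeze

# Hypothetical helper modelling the two modes of the translation flag.
#   escape_variables: false -> variables are interpolated verbatim and the
#                              whole result is treated as safe HTML
#   escape_variables: true  -> every variable is HTML-escaped before it is
#                              interpolated; the translation markup is kept
def translate(key, variables, escape_variables:)
  template = TRANSLATIONS.fetch(key)
  values = variables.transform_values do |value|
    escape_variables ? ERB::Util.html_escape(value.to_s) : value.to_s
  end
  format(template, values)
end

# Constructed user input that carries markup.
USER_INPUT = "<script>alert(1)</script>"

# Renders the same translation in both modes so the outputs can be compared.
def demo
  {
    unescaped: translate("greeting", { name: USER_INPUT }, escape_variables: false),
    escaped: translate("greeting", { name: USER_INPUT }, escape_variables: true)
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |mode, html| puts "#{mode}: #{html}" }
end
```

In the escaped result the `<strong>` tags from the translation survive while the user-supplied value is rendered as text, which is why escaping only the variables is the safer default.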
Example file with recommended values:
Maintenance - setting up password protection
Example for enabling password protection:
When a user enters the site whose flag is set to , they are presented with content from the partial defined in the config similar to the one in the example above: . You can use this partial to display any HTML, such as a form asking users to provide a password:
The endpoint is a built-in Insites endpoint, which verifies that is equal to the value of the constant defined in . In the example we used, this constant is .
If there is a match, the system stores the information in the , so that the user is not prompted to provide a password multiple times.
Note
The maintenance page is displayed only for valid pages and requests. Custom error pages and POST/PATCH/PUT/DELETE requests will continue to work.