author | Dylan William Hardison <dylan@hardison.net> | 2017-12-16 20:17:05 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-12-16 20:17:05 +0100 |
commit | 334bead74bc9c5e819f14946726eaad40986d636 (patch) | |
tree | e7ecf8d4eba2e6a046da8a9dc8828f35b75c7428 /README.rst | |
parent | 49e0df0d4e1b2f25be4ab36660dac5e47768c9a1 (diff) | |
download | bugzilla-334bead74bc9c5e819f14946726eaad40986d636.tar.gz bugzilla-334bead74bc9c5e819f14946726eaad40986d636.tar.xz |
Bug 1403777 - Migrate urlbase from params to localconfig
Diffstat (limited to 'README.rst')
-rw-r--r-- | README.rst | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/README.rst b/README.rst index 86e4dd414..ccbd51325 100644 --- a/README.rst +++ b/README.rst @@ -176,6 +176,29 @@ PORT BUGZILLA_UNSAFE_AUTH_DELEGATION This should never be set in production. It allows auth delegation over http. +BMO_urlbase + The public url for this instance. Note that if this begins with https:// + abd BMO_inbound_proxies is set to '*' Bugzilla will believe the connection to it + is using SSL. + +BMO_attachment_base + This is the url for attachments. + When the allow_attachment_display parameter is on, it is possible for a + malicious attachment to steal your cookies or perform an attack on Bugzilla + using your credentials. + + If you would like additional security on attachments to avoid this, set this + parameter to an alternate URL for your Bugzilla that is not the same as + urlbase or sslbase. That is, a different domain name that resolves to this + exact same Bugzilla installation. + + For added security, you can insert %bugid% into the URL, which will be + replaced with the ID of the current bug that the attachment is on, when you + access an attachment. This will limit attachments to accessing only other + attachments on the same bug. Remember, though, that all those possible domain + names (such as 1234.your.domain.com) must point to this same Bugzilla + instance. + BMO_db_driver What SQL database to use. Default is mysql. List of supported databases can be obtained by listing Bugzilla/DB directory - every module corresponds to one |
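Review bot: In the added BMO_urlbase entry, "abd BMO_inbound_proxies" is a typo for "and BMO_inbound_proxies". That sentence says Bugzilla "will believe the connection to it is using SSL" when the URL begins with https:// and BMO_inbound_proxies is '*', so please also state when that combination is appropriate, because a reader cannot tell from the text whether it is a recommendation or a caution. In the BMO_attachment_base entry, the wording still reads like the old params help: "set this parameter" and "not the same as urlbase or sslbase" should refer to this variable and to BMO_urlbase, and sslbase should be dropped or explained since the hunk documents no such variable. A full example value using %bugid% next to the "1234.your.domain.com" hint would make the expected format clear.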