|
@@ -1,6 +1,6 @@
|
|
|
<?php
|
|
|
|
|
|
-// @codingStandardsIgnoreFile
|
|
|
+// phpcs:ignoreFile
|
|
|
|
|
|
/**
|
|
|
* @file
|
|
@@ -115,14 +115,6 @@ $databases = [];
|
|
|
* namespace. This is optional for projects managed with Composer if the
|
|
|
* driver's namespace is in Composer's autoloader.
|
|
|
*
|
|
|
- * Transaction support is enabled by default for all drivers that support it,
|
|
|
- * including MySQL. To explicitly disable it, set the 'transactions' key to
|
|
|
- * FALSE.
|
|
|
- * Note that some configurations of MySQL, such as the MyISAM engine, don't
|
|
|
- * support it and will proceed silently even if enabled. If you experience
|
|
|
- * transaction related crashes with such configuration, set the 'transactions'
|
|
|
- * key to FALSE.
|
|
|
- *
|
|
|
* For each database, you may optionally specify multiple "target" databases.
|
|
|
* A target database allows Drupal to try to send certain queries to a
|
|
|
* different database if it can but fall back to the default connection if not.
|
|
@@ -238,9 +230,9 @@ $databases = [];
|
|
|
* Sample Database configuration format for a driver in a contributed module:
|
|
|
* @code
|
|
|
* $databases['default']['default'] = [
|
|
|
- * 'driver' => 'mydriver',
|
|
|
- * 'namespace' => 'Drupal\mymodule\Driver\Database\mydriver',
|
|
|
- * 'autoload' => 'modules/mymodule/src/Driver/Database/mydriver/',
|
|
|
+ * 'driver' => 'my_driver',
|
|
|
+ * 'namespace' => 'Drupal\my_module\Driver\Database\my_driver',
|
|
|
+ * 'autoload' => 'modules/my_module/src/Driver/Database/my_driver/',
|
|
|
* 'database' => 'databasename',
|
|
|
* 'username' => 'sqlusername',
|
|
|
* 'password' => 'sqlpassword',
|
|
@@ -315,6 +307,22 @@ $settings['hash_salt'] = '';
|
|
|
*/
|
|
|
$settings['update_free_access'] = FALSE;
|
|
|
|
|
|
+/**
|
|
|
+ * Fallback to HTTP for Update Manager and for fetching security advisories.
|
|
|
+ *
|
|
|
+ * If your site fails to connect to updates.drupal.org over HTTPS (either when
|
|
|
+ * fetching data on available updates, or when fetching the feed of critical
|
|
|
+ * security announcements), you may uncomment this setting and set it to TRUE to
|
|
|
+ * allow an insecure fallback to HTTP. Note that doing so will open your site up
|
|
|
+ * to a potential man-in-the-middle attack. You should instead attempt to
|
|
|
+ * resolve the issues before enabling this option.
|
|
|
+ * @see https://www.drupal.org/docs/system-requirements/php-requirements#openssl
|
|
|
+ * @see https://en.wikipedia.org/wiki/Man-in-the-middle_attack
|
|
|
+ * @see \Drupal\update\UpdateFetcher
|
|
|
+ * @see \Drupal\system\SecurityAdvisories\SecurityAdvisoriesFetcher
|
|
|
+ */
|
|
|
+# $settings['update_fetch_with_http_fallback'] = TRUE;
|
|
|
+
|
|
|
/**
|
|
|
* External access proxy settings:
|
|
|
*
|
|
@@ -379,17 +387,20 @@ $settings['update_free_access'] = FALSE;
|
|
|
* Sets which headers to trust from your reverse proxy.
|
|
|
*
|
|
|
* Common values are:
|
|
|
- * - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_ALL
|
|
|
+ * - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR
|
|
|
+ * - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST
|
|
|
+ * - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT
|
|
|
+ * - \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO
|
|
|
* - \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED
|
|
|
*
|
|
|
* Note the default value of
|
|
|
* @code
|
|
|
- * \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_ALL | \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED
|
|
|
+ * \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO | \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED
|
|
|
* @endcode
|
|
|
* is not secure by default. The value should be set to only the specific
|
|
|
* headers the reverse proxy uses. For example:
|
|
|
* @code
|
|
|
- * \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_ALL
|
|
|
+ * \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO
|
|
|
* @endcode
|
|
|
* This would trust the following headers:
|
|
|
* - X_FORWARDED_FOR
|
|
@@ -397,11 +408,14 @@ $settings['update_free_access'] = FALSE;
|
|
|
* - X_FORWARDED_PROTO
|
|
|
* - X_FORWARDED_PORT
|
|
|
*
|
|
|
- * @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_ALL
|
|
|
+ * @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR
|
|
|
+ * @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST
|
|
|
+ * @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT
|
|
|
+ * @see \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO
|
|
|
* @see \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED
|
|
|
* @see \Symfony\Component\HttpFoundation\Request::setTrustedProxies
|
|
|
*/
|
|
|
-# $settings['reverse_proxy_trusted_headers'] = \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_ALL | \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED;
|
|
|
+# $settings['reverse_proxy_trusted_headers'] = \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_HOST | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT | \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO | \Symfony\Component\HttpFoundation\Request::HEADER_FORWARDED;
|
|
|
|
|
|
|
|
|
/**
|
|
@@ -448,35 +462,13 @@ $settings['update_free_access'] = FALSE;
|
|
|
/**
|
|
|
* Class Loader.
|
|
|
*
|
|
|
- * If the APC extension is detected, the Symfony APC class loader is used for
|
|
|
- * performance reasons. Detection can be prevented by setting
|
|
|
- * class_loader_auto_detect to false, as in the example below.
|
|
|
+ * If the APCu extension is detected, the classloader will be optimized to use
|
|
|
+ * it. Set to FALSE to disable this.
|
|
|
+ *
|
|
|
+ * @see https://getcomposer.org/doc/articles/autoloader-optimization.md
|
|
|
*/
|
|
|
# $settings['class_loader_auto_detect'] = FALSE;
|
|
|
|
|
|
-/*
|
|
|
- * If the APC extension is not detected, either because APC is missing or
|
|
|
- * because auto-detection has been disabled, auto-loading falls back to
|
|
|
- * Composer's ClassLoader, which is good for development as it does not break
|
|
|
- * when code is moved in the file system. You can also decorate the base class
|
|
|
- * loader with another cached solution than the Symfony APC class loader, as
|
|
|
- * all production sites should have a cached class loader of some sort enabled.
|
|
|
- *
|
|
|
- * To do so, you may decorate and replace the local $class_loader variable. For
|
|
|
- * example, to use Symfony's APC class loader without automatic detection,
|
|
|
- * uncomment the code below.
|
|
|
- */
|
|
|
-/*
|
|
|
-if ($settings['hash_salt']) {
|
|
|
- $prefix = 'drupal.' . hash('sha256', 'drupal.' . $settings['hash_salt']);
|
|
|
- $apc_loader = new \Symfony\Component\ClassLoader\ApcClassLoader($prefix, $class_loader);
|
|
|
- unset($prefix);
|
|
|
- $class_loader->unregister();
|
|
|
- $apc_loader->register();
|
|
|
- $class_loader = $apc_loader;
|
|
|
-}
|
|
|
-*/
|
|
|
-
|
|
|
/**
|
|
|
* Authorized file system operations:
|
|
|
*
|
|
@@ -619,6 +611,21 @@ if ($settings['hash_salt']) {
|
|
|
# ini_set('pcre.backtrack_limit', 200000);
|
|
|
# ini_set('pcre.recursion_limit', 200000);
|
|
|
|
|
|
+/**
|
|
|
+ * Add Permissions-Policy header to disable Google FLoC.
|
|
|
+ *
|
|
|
+ * By default, Drupal sends the 'Permissions-Policy: interest-cohort=()' header
|
|
|
+ * to disable Google's Federated Learning of Cohorts feature, introduced in
|
|
|
+ * Chrome 89.
|
|
|
+ *
|
|
|
+ * See https://en.wikipedia.org/wiki/Federated_Learning_of_Cohorts for more
|
|
|
+ * information about FLoC.
|
|
|
+ *
|
|
|
+ * If you don't wish to disable FLoC in Chrome, you can set this value
|
|
|
+ * to FALSE.
|
|
|
+ */
|
|
|
+# $settings['block_interest_cohort'] = TRUE;
|
|
|
+
|
|
|
/**
|
|
|
* Configuration overrides.
|
|
|
*
|