docs(security): document profile migration
This commit is contained in:
@@ -149,6 +149,21 @@ quanx_device_id=
|
||||
;surge_ssr_path=/usr/bin/ssr-local
|
||||
resolve_hostname=true
|
||||
|
||||
[security]
|
||||
;Security profile:
|
||||
;lan - default, legacy behavior for private/LAN deployments. Local, private
|
||||
; and fake-ip resources are allowed.
|
||||
;public - for Internet-facing deployments. Only untrusted request-controlled
|
||||
; fetches are restricted; built-in local templates and trusted config
|
||||
; files continue to work.
|
||||
;strict - same public fetch restrictions, and public upload cannot be enabled.
|
||||
;Environment override: SUBCONVERTER_SECURITY_PROFILE=lan|public|strict
|
||||
profile=lan
|
||||
;Only used by public profile. lan keeps legacy upload behavior; strict always
|
||||
;disables public upload.
|
||||
;Environment override: SUBCONVERTER_ALLOW_PUBLIC_UPLOAD=true|false
|
||||
allow_public_upload=false
|
||||
|
||||
[emojis]
|
||||
add_emoji=false
|
||||
remove_old_emoji=true
|
||||
|
||||
@@ -168,6 +168,21 @@ quanx_device_id = ""
|
||||
#surge_ssr_path = "/usr/bin/ssr-local"
|
||||
resolve_hostname = true
|
||||
|
||||
[security]
|
||||
# Security profile:
|
||||
# lan - default, legacy behavior for private/LAN deployments. Local, private
|
||||
# and fake-ip resources are allowed.
|
||||
# public - for Internet-facing deployments. Only untrusted request-controlled
|
||||
# fetches are restricted; built-in local templates and trusted config
|
||||
# files continue to work.
|
||||
# strict - same public fetch restrictions, and public upload cannot be enabled.
|
||||
# Environment override: SUBCONVERTER_SECURITY_PROFILE=lan|public|strict
|
||||
profile = "lan"
|
||||
# Only used by public profile. lan keeps legacy upload behavior; strict always
|
||||
# disables public upload.
|
||||
# Environment override: SUBCONVERTER_ALLOW_PUBLIC_UPLOAD=true|false
|
||||
allow_public_upload = false
|
||||
|
||||
[emojis]
|
||||
add_emoji = false
|
||||
remove_old_emoji = true
|
||||
|
||||
@@ -68,6 +68,21 @@ surge_external_proxy:
|
||||
surge_ssr_path: "" # /usr/bin/ssr-local
|
||||
resolve_hostname: true
|
||||
|
||||
security:
|
||||
# Security profile:
|
||||
# lan - default, legacy behavior for private/LAN deployments. Local,
|
||||
# private and fake-ip resources are allowed.
|
||||
# public - for Internet-facing deployments. Only untrusted request-controlled
|
||||
# fetches are restricted; built-in local templates and trusted config
|
||||
# files continue to work.
|
||||
# strict - same public fetch restrictions, and public upload cannot be enabled.
|
||||
# Environment override: SUBCONVERTER_SECURITY_PROFILE=lan|public|strict
|
||||
profile: lan
|
||||
# Only used by public profile. lan keeps legacy upload behavior; strict always
|
||||
# disables public upload.
|
||||
# Environment override: SUBCONVERTER_ALLOW_PUBLIC_UPLOAD=true|false
|
||||
allow_public_upload: false
|
||||
|
||||
emojis:
|
||||
add_emoji: false
|
||||
remove_old_emoji: true
|
||||
|
||||
Reference in New Issue
Block a user