# REQUIRED SETTINGS
# =================

# Secret key used to guard forms and sessions.
#
# This must be both reasonably constant and secret. If the secret gets
# compromised, you can change it (without having to worry about the "constant"
# requirement).
#
# if not constant:
# - sessions will be lost on each server restart
#
# if not secret:
# - users may be able to forge sessions
# - attackers may be able to execute things on a properly authenticated user’s
#   behalf.
# - other bad things.
SNIKKET_WEB_SECRET_KEY=

# URL (without trailing /) of the prosody HTTP server.
#
# This must be set for anything to work correctly.
#
# NOTE: If this does not point at localhost, it MUST use https. Otherwise,
# passwords will be transmitted in plaintext through insecure channels.
SNIKKET_WEB_PROSODY_ENDPOINT='http://localhost:5280'

# The domain name of the Snikket server
#
# This must be set for login to work correctly.
SNIKKET_WEB_DOMAIN='localhost'

# A human-friendly name for the Snikket server.
#
# This should not be too wide when rendered to fit into the layout.
# Defaults to SNIKKET_WEB_DOMAIN.
#
#SNIKKET_WEB_SITE_NAME


# OPTIONAL SETTINGS
# =================

# How long browers may cache avatars
#
# Setting this to zero forces browsers to check if their locally cached copy
# of an avatar is still up-to-date on every request; if it is, the avatar is
# not re-transferred.
#
#SNIKKET_WEB_AVATAR_CACHE_TTL=1800