Various configuration options can be set to influence how various subsystems in the framework go about their work. Setting these options is done by passing them into the Application constructor as keyword arguments, or by setting the values in the app.config dictionary.
- A secret key to be used for the encryption of authentication cookies. Required for cookie-based authentication.
- Whether the IP address of the remote user should be ignored. Taking the IP address into account can be problematic for users behind proxies that make their requests appear to be coming from different addresses.
- The time until an authentication cookie expires, in minutes.
- The default From address for outgoing emails.
- The host name of the SMTP server to use for outgoing mail.
- The port number of the SMTP server (default 25).
- The username to use for authentication against the SMTP server.
- The password to use for authentication against the SMTP server.
- Whether to use TLS for the SMTP server connection.
- Whether debugging and developer-oriented error pages should be enabled.
- The email address(es) to send error notification mails to. Multiple addresses can be specified by separating them with commas.
- Whether forms should automatically be protected against Cross-Site Request Forgery (CSRF) attacks.
- Path to a custom MIME type mapping file (such as /etc/mime.types).
- The default locale to use (for example “de_AT”).
- The default timezone to apply for date/time display (for example “Europe/Berlin?”).
- A secret key to be used for signing and authenticating session cookies. This needs to be set for applications that use session storage.
- The name of the cookie used to store session state (defauls to “session”)
- The path for the cookie (defaults to “/”)
- The domain name for the cookie
- The maximum age of a session in seconds (defaults to 360, which is one hour)
- The default DOCTYPE to use for rendered HTML pages.
- Whether templates should be automatically reloaded when the underlying file has changed (true or false).
- How lookup errors in Python code in templates should be treated (strict or lenient).