
5.4. Webserver

$g_session_save_path
Location where session files are stored. The default is false, meaning the session handler's default location will be used.
$g_session_validation
Use Session validation (defaults to ON)

Warning

Disabling this could be a potential security risk!
$g_form_security_validation
Form security validation, defaults to ON. This protects against Cross-Site Request Forgery. Some proxy servers may not work correctly with this option enabled because they cache pages incorrectly.

Warning

Disabling this option is a security risk; it is strongly recommended to leave it ON.
$g_custom_headers
An array of custom headers to be sent with each page.
For example, to allow your MantisBT installation to be viewed in a frame in IE6 when the frameset is not at the same hostname as the MantisBT install, you need to add a P3P header. You could try something like
$g_custom_headers = array( 'P3P: CP="CUR ADM"' );
in your config file, but make sure to check that your policy actually matches what you are promising. See MSDN for more information.
Even though it is not recommended, you could also use this setting to disable previously sent headers. For example, assuming you didn't want to benefit from Content Security Policy (CSP), you could set:
$g_custom_headers = array( 'Content-Security-Policy:' );

Warning

Disabling CSP is a security risk; it is strongly recommended that you leave it as Mantis defines it.
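
The three warnings in this section can be checked mechanically when reviewing a config file. The following script is an added example, not part of MantisBT: it flags a disabled $g_session_validation or $g_form_security_validation and any $g_custom_headers entry that clears a previously sent header such as Content-Security-Policy. The sample config is constructed, and treating OFF, false and 0 as "disabled" is an assumption of this example.

```python
import re

# Constructed sample config file (not taken from a real installation).
SAMPLE_CONFIG = r"""<?php
$g_session_validation = OFF;
# $g_form_security_validation = OFF;  commented out, so the default (ON) applies
$g_custom_headers = array(
    'P3P: CP="CUR ADM"',
    'Content-Security-Policy:',
);
"""

# A top-level "$g_name = value;" assignment, possibly spanning several lines.
ASSIGNMENT = re.compile(r"^[ \t]*\$(g_\w+)\s*=\s*(.*?);[ \t]*$", re.M | re.S)
QUOTED = re.compile(r"""(['"])(.*?)\1""", re.S)
# A header string with a name and a colon but no value, as in the CSP example.
EMPTY_HEADER = re.compile(r"^([A-Za-z0-9-]+):\s*$")
VALIDATION_SWITCHES = ("g_session_validation", "g_form_security_validation")
DISABLED_VALUES = {"off", "false", "0"}  # assumption: values that turn a switch off


def audit_config(text):
    """Return a sorted list of (option, problem) findings for the settings above."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # drop /* ... */ comments
    # PHP keeps the last assignment, so later values overwrite earlier ones.
    settings = {name: value.strip() for name, value in ASSIGNMENT.findall(text)}
    findings = []
    for option in VALIDATION_SWITCHES:
        # Both switches default to ON when the config file does not set them.
        if settings.get(option, "ON").lower() in DISABLED_VALUES:
            findings.append((option, "validation disabled"))
    for _quote, header in QUOTED.findall(settings.get("g_custom_headers", "")):
        match = EMPTY_HEADER.match(header.strip())
        if match:
            findings.append(("g_custom_headers", "clears header " + match.group(1)))
    return sorted(findings)


if __name__ == "__main__":
    for option, problem in audit_config(SAMPLE_CONFIG):
        print(f"${option}: {problem}")
```

The parser only recognises assignments that start a line, so lines commented out with # or // are ignored and the documented defaults apply.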