Configurations# Asok is designed to be "zero-config" by default, but it provides a comprehensive set of options that can be tuned via environment variables or directly in your wsgi.py file.
1. Core Settings# Key Type Default Description DEBUGbool TrueEnables detailed error pages, auto-reloading, and disables production caching. SECRET_KEYstr auto Used for signing cookies, tokens, and CSRF protection. Required in production. INDEXstr "page"The name of the default entry point file in your page directories. LOCALEstr "en"The default language code for translations. PROJECT_NAMEstr "Asok App"The display name of your project. VERSIONstr "0.1.0"Your application's current version. ASOK_WRITE_BYTECODEbool FalseSet to true to allow Python to write .pyc files (disabled by default for a cleaner project).
2. Server & Routing# Key Type Default Description APP_URLstr NoneThe base URL of your app (e.g., https://example.com). Used for absolute links. ASOK_PORTint 8000The default port for the asok dev and asok preview commands. WS_PORTint 8001The port used by the built-in WebSocket server. MAX_CONTENT_LENGTHint 10485760Maximum allowed size (in bytes) for request bodies (default 10 MB). TRUSTED_PROXIESlist/str NoneList of IP addresses (or "*" ) to trust for the X-Forwarded-For header. ASOK_DOCSbool DEBUGAlias for DOCS. Set to false to hide the documentation UI entirely. DOCSbool DEBUGEnables or disables the automatic documentation UI.
3. Session Management# Key Type Default Description SESSION_BACKENDstr "memory"Storage backend for sessions: "memory" or "file". SESSION_PATHstr ".asok/sessions"Directory path for file-based session storage. SESSION_MAX_AGEint 2592000Max age for the session cookie (in seconds, default 30 days). SESSION_TTLint 86400Server-side session expiration time (in seconds, default 24 hours).
4. Security & CORS# Key Type Default Description CSRFbool TrueEnables global Cross-Site Request Forgery protection for forms. CORS_ORIGINSlist/str NoneAllowed origins for cross-domain requests. Use "*" for all. SECURITY_HEADERSbool/dict TrueEnables default security headers (CSP, HSTS, etc.). Can be customized with a dict. ETAGbool TrueEnables automatic conditional caching headers for responses.
Key Type Default Description GZIPbool FalseEnables transparent Gzip compression for text-based responses. GZIP_MIN_SIZEint 500Minimum response size (in bytes) to trigger Gzip compression. HTML_MINIFYbool !DEBUGEnables aggressive whitespace removal for HTML responses. IMAGE_OPTIMIZATIONbool FalseEnables automatic WebP conversion for uploaded/served images. IMAGE_KEEP_ORIGINALbool TrueRetains the original uploaded file when generating optimized versions.
6. Database & ORM# Asok uses SQLite for simplicity. Most database settings are handled automatically.
Key Type Default Description DATABASE_URLstr "sqlite:///db.sqlite3"Path to the SQLite database file.
7. Email Configuration# Key Type Default Description MAIL_HOSTstr "localhost"SMTP server hostname. MAIL_PORTint 587SMTP server port. MAIL_USERNAMEstr NoneUsername for SMTP authentication. MAIL_PASSWORDstr NonePassword for SMTP authentication. MAIL_FROMstr "noreply@..."Default sender address. MAIL_TLSbool TrueUse TLS for secure email transmission.
8. Logging# Key Type Default Description LOG_LEVELstr "DEBUG"Minimal logging level (DEBUG, INFO, WARNING, ERROR). LOG_FILEstr NoneOptional path to a file for persistent logging. LOG_FORMATstr "text"Format of logs: "text" or "json" for structured logging.
9. API & Documentation UI# Key Type Default Description DOCS_PATHstr "/docs"The URL path where the auto-generated docs are served. OPENAPI_PATHstr "/openapi.json"The URL path for the generated OpenAPI specification. API_TITLEstr PROJECT_NAME The title shown in the documentation UI. API_LOGOstr SITE_LOGO URL of the logo shown in the documentation UI.
10. Admin Interface# The Admin interface is initialized by passing parameters to the Admin extension class in wsgi.py.
Param Type Default Description site_namestr "Asok Admin"Branding title shown in the sidebar and page titles. url_prefixstr "/admin"The URL path where the admin interface is served. default_localestr "en"Default language for the admin interface. faviconstr NonePath to a custom logo/favicon (resolves to src/partials/ if path provided). login_rate_limittuple (5, 900)Bruteforce protection: (max_attempts, window_seconds).
11. Advanced Session Settings# Key Type Default Description SESSION_SAMESITEstr "Lax"SameSite attribute for the session cookie (Lax, Strict, or None). SESSION_SECUREbool auto Forces session cookie to be sent over HTTPS only. Defaults to True if not in DEBUG.
Was this page helpful?
Thanks for your feedback!
