🐳 add advice for unsecure configuration

2025-01-22 14:39:45 -05:00 · 2025-01-22 12:46:52 +01:00 · 2025-01-22 12:46:52 +01:00 · 31bc7e7c86
commit 31bc7e7c86
parent b3a5e6710f
1 changed files with 9 additions and 0 deletions
--- a/docs/technical-guide/configuration.md
+++ b/docs/technical-guide/configuration.md
@ -405,6 +405,14 @@ where users will access the application:
 PENPOT_PUBLIC_URI: http://localhost:9001
 ```

+<p class="advice">
+    If you plan to serve Penpot under different domain than `localhost` without HTTPS,
+    you need to disable the `secure` flag on cookies, with the `disable-secure-session-cookies` flag.
+    This is a configuration NOT recommended for production environments.
+</p>
+
+Check all the [flags](#other-flags) to fully customize your instance.
+
 ## Frontend ##

 In comparison with backend, frontend only has a small number of runtime configuration
@ -480,3 +488,4 @@ __Since version 2.0.0__
 [2]: /technical-guide/getting-started#configure-penpot-with-docker
 [3]: /technical-guide/developer/common#dev-environment
 [4]: https://github.com/penpot/penpot/blob/main/docker/images/files/nginx.conf
+