Skip to content

Admin Settings

The admin web UI includes a Security Settings tab for managing runtime configuration. Access it via the Administration page (requires settings:manage permission).

Allowed Origins (CORS)

Controls which origins can make cross-origin requests to the API with cookie-based authentication.

  • Add origins using the text input and "Add" button
  • Remove origins by clicking the X on each chip
  • Click "Save Settings" to apply changes

Origins should include the protocol (e.g., https://app.example.com).

Rate Limiting

  • Toggle rate limiting on/off
  • Configure the maximum requests per minute (global limit)
  • Auth endpoints (/api/auth/*) always have stricter limits (20 req/min)

Workflow Recovery

  • Set the stuck run timeout in minutes
  • Runs in "running" status with no progress beyond this timeout are automatically failed
  • The recovery job runs every 15 minutes

Database Pool (Read-Only)

Displays the current database connection pool configuration. These values are configured via environment variables and cannot be changed at runtime:

  • DB_POOL_MAX — maximum connections
  • DB_POOL_MIN — minimum idle connections

Saving Settings

Click "Save Settings" to persist changes. Settings are stored in the system_setting database table and take effect immediately for the Settings API response. Some settings (like CORS origins) require a server restart to take full effect.