Version: v0.6.1 - Beta.  We welcome contributors & feedback.  THanks!

App Settings

Settings File 

App settings are located in settings/app.jcon.

See the JCON Configuration Format.


There are 4 top-level sections:

Reading Settings 

App settings are read-only. Values be accessed with the Settings module.

To read a value under the app section, use Settings.get(key).

tht Settings 

The following keys are supported under the tht section, which affect the behavior of THT itself.


Default: (localhost)

Restrict the Perf Panel and error page to this IP address, if the server is not running in testServer mode.


Default: 100

For every Cache SET operation, there is a 1-in-N chance the garbage collector will run, clearing out any expired keys from the Cache.
cacheGarbageCollectRate: 1000


Default: true

Automatically apply GZIP compression to responses for Response.sendPage(), Web.sendCss(), and Web.sendJs().

This reduces the total response size over the wire by up to 70%.

You might need to disable this if your webserver is already configured to compress responses.

compressOutput: true

contentSecurityPolicy (CSP)

Default: default-src 'self'; style-src 'unsafe-inline' *; img-src *; media-src *; script-src 'nonce-___'

CSP is a list of restrictions on what kind of scripts or media can be loaded and executed on your site. These are enforced within the browser.

The default CSP allows media (images, etc) to be loaded from any domain, but requires script tags to have a server-generated nonce (unique per-request token) in order to run.

THT will automatically insert a nonce into any script tags present in your templates. Otherwise, call Web.nonce() to insert it manually.

See Content Security Policy (CSP).


Default: false

Add the 'unsafe-eval' directive to the Content Security Policy (CSP). This allows eval to be run within client-side JavaScript running on your site.

SecurityThe eval function is a commonly exploited vulnerability. Only set this to true if absolutely necessary.

dangerDangerAllowJsEval: false


Default: false

Set to true to respond to all requests with a standard downtime page. Or set it to a custom URL in your document root directory.

This will return a 503 Service Unavailable HTTP response code.

downtime: true

downtime: /down.html


Default: true

If true, log errors to files/app.log.

Errors are not logged while in development mode, because a full error page is already displayed.

logErrors: true


Default: n/a

PHP sets these limits at startup time, so they must be set in your php.ini file instead.

To find your php.ini run this command:

$ tht info

Then set these values accordingly:

; Maximum allowed size for uploaded files.
upload_max_filesize = 5M

; Must be greater than or equal to `upload_max_filesize`
post_max_size = 5M


Default: 16

Maximum memory usage (megabytes) per request.
memoryLimitMb: 32


Default: true

Automatically minify -Css templates at compile time.
minifyCssTemplates: false


Default: true

Automatically minify -Js templates at compile time.
minifyJsTemplates: false


Default: true

Automatically send debug information to the THT developers when an error occurs.

This is a great way to contribute to the THT project, by helping us see what kind of errors are most common.

It sends the erroneous line of code, the error message, and metrics around development time. No identifying information will ever be stored or disclosed publicly.

(The default will likely change to false when the project reaches v1.0.)

sendErrors: true


Default: 120

Amount of time (minutes) to wait after a user’s last request before their session expires. See Session.
sessionDurationMins: 30


Default: 10

The amount of time (in minutes) since the app was last compiled, to show a full error page. Otherwise, you can find error information in data/files/app.log.

The error page will always be shown if the server is in testServer mode, it is running as localhost, or the request is coming from adminIp (see above).

showErrorPageForMins: 5


Default: false

Display performance stats at the bottom of every web page. See Perf Panel.
showPerfPanel: true


Default: GMT

Server timezone. See the list of supported timezones.
timezone: America/Los_Angeles


Default: false

Set to true to make your app go faster, utilizing the Placebo effect.
turboMode: heck yeah

See Also