From 1af8b97c2fadee0a40c1990659fecbde4c10db55 Mon Sep 17 00:00:00 2001
From: SecureAB <secureab-github@outlook.com>
Date: Sat, 20 Dec 2025 16:47:52 +0100
Subject: [PATCH] Mention CORS_ORIGIN_ALLOW_ALL and the new API_TOKEN_PEPPER_1

---
 Configuration.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Configuration.md b/Configuration.md
index acf0489..7c4c510 100644
--- a/Configuration.md
+++ b/Configuration.md
@@ -30,6 +30,7 @@ Please change the following settings to keep your setup safe.
 * `REDIS_PASSWORD`
 * `REDIS_CACHE_PASSWORD`
 * `AUTH_LDAP_BIND_PASSWORD`
+* `API_TOKEN_PEPPER_1`
 
 #### Generate Secret Key
 
@@ -46,6 +47,7 @@ These settings are also relevant:
 * `SUPERUSER_*`: Only define those variables during the initial setup, and drop them once the DB is set up. Don't use the default passwords!
 * `SKIP_SUPERUSER`: Set to `true` after you've created the superuser.
 * `REDIS_*`: Use your own persistent redis. Don't use the default passwords!
+* `CORS_ORIGIN_ALLOW_ALL`: Set this to `false` or configure it using `CORS_ORIGIN_WHITELIST` or `CORS_ORIGIN_REGEX_WHITELIST`
 
 ## Custom Configuration Files