Environment Variables

Quick Reference Table

#
Env
Type
Default

1

DEBUG

bool

True

2

CONTACT_US_EMAIL_TO

json

{"defaults": ["[email protected]"]}

3

ACCOUNT_EMAIL_SUBJECT_PREFIX

str

None

4

ES_HOST_SCHEME

str

"https"

5

ES_HOST

str

"localhost"

6

ES_MAJOR_VERSION

int

5

7

ES_USER

str

"akinon"

8

DYNAMIC_SETTINGS_CACHE_ACTIVE

bool

True

9

OPENID_SSO_PROVIDER_ID

str

"openid-sso"

10

OPENID_SSO_PROVIDER_SERVER_URL

str

"https://sso.akinon.com"

11

SESSION_CACHE_AGE

int

10800 (3 hours)

12

SESSION_COOKIE_AGE

int

1209600 (2 weeks)

13

ANALYTICS_CONTAINER_ID

str

"AKINON"

14

PROMOTIONS_ROUNDING_MODE

str

"ROUND_HALF_DOWN"

15

ORDERS_USE_ISOLATED_PRE_ORDER_ON_RETURN

bool

False

16

SITE_ID

int

1

17

X_FRAME_OPTIONS

str

"SAMEORIGIN"

18

SECURE_HSTS_INCLUDE_SUBDOMAINS

bool

True

19

SECURE_HSTS_SECONDS

int

31536000

20

I18N_ACTIVE

bool

False

21

PRETTY_URL_FORCE_UNICODE_SLUG

bool

False

22

THUMBNAIL_ACTIVE

bool

True

23

MULTIPLE_LANGUAGE_URL_ACTIVE

bool

False

24

LANGUAGE_CODE

str

"tr-tr"

25

LANGUAGES

str

None

26

DISABLE_LOCMEM_CACHE

bool

False

27

LOCAL_CACHE_ENABLED

bool

False

28

LOCAL_CACHE_HOST

str

"localhost"

29

LOCAL_CACHE_PORT

int

6379

30

LOGIN_REDIRECT_URL_SLUG

str

None

31

EMAIL_BACKEND

str

"omnishop.cms.email.backends.smtp.EmailBackend"

32

EMAIL_HOST

str

required

33

EMAIL_HOST_USER

str

required

34

NO_REPLY_EMAIL

str

35

DEFAULT_FROM_EMAIL

str

NO_REPLY_EMAIL

36

TEMPLATE_LOADER

str

"omnicore.dbtemplates.jinja_loaders.DatabaseAndFileSystemLoader"

37

SITEMAP_AUTO_PREFIX

bool

False

38

SITEMAP_MANUAL_PREFIX

str

""

39

STATICSITEMAPS_URL

str

(dynamic default)

40

STATICSITEMAPS_ROOT_DIR

str

"sitemaps/"

41

DEFAULT_CURRENCY_TYPE

str

"try"

42

SESSION_COOKIE_NAME

str

"osessionid"

43

CSRF_COOKIE_SECURE

bool

not DEBUG

44

SESSION_COOKIE_SECURE

bool

not DEBUG

45

CSRF_COOKIE_SAMESITE

str

"Lax"

46

SESSION_COOKIE_SAMESITE

str

"Lax"

47

SMS_OTP_RESENT_TIME_GAP

int

60

48

ORDER_SMS_PHONE_NUMBER_GETTER

str

None

49

NEW_COOKIE_SAMESITE_MIDDLEWARE_ACTIVE

bool

False

50

IS_CLOUD_FRONT_MIDDLEWARE_ACTIVE

bool

False

51

IS_ERP_CODE_MIDDLEWARE_ACTIVE

bool

False

52

PRETTY_URL_MULTI_LANGUAGE

bool

False

53

PRETTY_URL_SITE_LANGUAGE_CODE

str

LANGUAGE_CODE

54

PRETTY_URL_ONLY_ASCII

bool

False

55

CSRF_TRUSTED_ORIGINS

list

[".com", ".net", ".org", ".tr", ".akinon.net", ".akinoncloud.com"]

56

ORDER_NUMBER_GENERATOR

str

None

57

MINIMUM_ORDER_AMOUNT

str

"0.01"

58

ACCOUNT_ADAPTER

str

"omnishop.users.allauth_adapter.CustomDefaultAccountAdapter"

59

ACCOUNT_CONFIRM_EMAIL_ON_GET

bool

False

60

ACCOUNT_EMAIL_VERIFICATION

str

"optional"

61

ACCOUNT_EMAIL_REQUIRED

bool

False

62

ACCOUNT_DEFAULT_HTTP_PROTOCOL

str

"http"

63

INDEX_PRODUCTS_QUANTITY

int

50

64

COMMERCE_EVENTS

dict

{user_logged_in: True, ...}

65

INDEX_PRODUCTS_PREFETCH_ENABLED

bool

False

66

ES_MIN_SCORE_COEFFICIENT

float

0

67

USER_PROFILE_VIEW

str

None

68

PASSWORD_HASHERS

list

(Django default list)

69

PASSWORD_RESET_TIMEOUT

int

259200 (3 days)

70

REST_REGISTER_VIEW

str

None

71

REST_AUTH_REGISTER_SERIALIZERS

json/dict

(default serializer)

72

AUTHENTICATION_BACKENDS

tuple

("allauth.account.auth_backends.AuthenticationBackend",)

73

SECURE_BROWSER_XSS_FILTER

bool

False

74

SECURE_CONTENT_TYPE_NOSNIFF

bool

False

75

ACCOUNT_EMAIL_CONFIRMATION_ANONYMOUS_REDIRECT_URL

str

None

76

INCLUDE_STOCK_OUT_PRODUCTS_ON_SITEMAP

bool

True

77

ACCOUNT_EMAIL_CONFIRMATION_AUTHENTICATED_REDIRECT_URL

str

""

78

PREPEND_WWW

bool

False

79

PROMOTIONS_SINGLE_COUPON

bool

False

80

KVKK_UNSUBSCRIPTION_SECRET_MAP

json

{}

81

B2B_EXTENSION_CONF

json

{}

82

BASKET_UNIT_VALUE_ATTRIBUTE

str

"basket_unit_value"

83

UNIT_STEP_VALUE_ATTRIBUTE

str

"unit_step_value"

84

UNIT_REFERENCE_VALUE_ATTRIBUTE

str

"unit_reference_value"

85

UNIT_PRODUCT_FLAG_ATTRIBUTE

str

"is_unit_product"

86

UNIT_MINIMUM_VALUE_ATTRIBUTE

str

"unit_minimum_value"

87

ENABLE_X_COOKIE_HEADER

bool

False

88

DATA_UPLOAD_MAX_MEMORY_SIZE

int

2621440 (2.5 MB)

89

SEARCH_DYNAMIC_FILTER_ACTIVE

bool

False

90

SEARCH_FUZZY_SEARCH_ACTIVE

bool

False

91

CELERY_SCHEDULED_TASKS

json

{}

92

CORS_ALLOWED_ORIGINS

list

["https://docs.akinon.com", "https://apidocs.akinon.com"]

circle-info

The table above shows the first 20 variables for brevity. Full details for all variables are provided below.


Detailed Specifications

1. DEBUG

  • Type: bool

  • Default: True

  • ACC_MODE: Yes (re-read from .env file inside ACC_MODE block, default becomes False)

  • Description: Controls Django debug mode. When True, detailed error pages are displayed, static files are served by the Django dev server, and various debug features are enabled. Must always be False in production environments. When ACC_MODE is active, the default switches to False.

2. CONTACT_US_EMAIL_TO

  • Type: json (dict)

  • Default: {"defaults": ["[email protected]"]}

  • ACC_MODE: No (global scope, but can be overridden at runtime via dj_dynamic_settings)

  • Description: Defines the recipient email addresses for emails sent through the contact us form. Uses a JSON dictionary format to route emails based on operation type. The "defaults" key provides fallback recipients when no matching operation type is found. Example: {"franchise": "[email protected]", "contact_us": "[email protected]", "defaults": ["[email protected]"]}. Can be modified at runtime through dynamic settings.

3. ACCOUNT_EMAIL_SUBJECT_PREFIX

  • Type: str

  • Default: None

  • ACC_MODE: No (global scope)

  • Description: Prefix string added to the subject line of emails sent by django-allauth (email verification, password reset, etc.). When None, no prefix is added to the subject line. Example: setting "[MyShop] " results in email subjects like "[MyShop] Please Confirm Your E-mail Address".

4. ES_HOST_SCHEME

  • Type: str

  • Default: "https"

  • ACC_MODE: Yes (re-read)

  • Description: Determines the protocol scheme for the Elasticsearch connection URL ("http" or "https"). Used when constructing the ES_HOSTS connection string. Typically set to "http" in CI/test environments.

5. ES_HOST

  • Type: str

  • Default: "localhost" (global scope), required (ACC_MODE)

  • ACC_MODE: Yes (re-read, no default)

  • Description: Hostname (and optionally port) of the Elasticsearch server. Used to construct the ES_HOSTS connection string. Example: "es.example.com" or "localhost:9200".

6. ES_MAJOR_VERSION

  • Type: int

  • Default: 5

  • ACC_MODE: Yes (re-read)

  • Description: The Elasticsearch major version number in use. Supported values: 5 and 8. This value determines the behavior of the search module across many areas including query syntax, mapping structure, index creation, facet search behavior, and API compatibility. For example, ES 8 uses ngram instead of nGram as the filter type and the _type field has been removed. When ES 8 is selected, ES_USER and ES_PASSWORD variables also become active.

7. ES_USER

  • Type: str

  • Default: "akinon"

  • ACC_MODE: Yes (only when ES_MAJOR_VERSION == 8)

  • Description: Username for Elasticsearch basic authentication. Only active when ES_MAJOR_VERSION is 8. Included in the ES_HOSTS connection URL in scheme://user:password@host format.

8. DYNAMIC_SETTINGS_CACHE_ACTIVE

  • Type: bool

  • Default: True

  • ACC_MODE: No (global scope)

  • Description: Enables or disables the caching mechanism of the dj_dynamic_settings library. When True, dynamic setting values are cached to reduce database reads. When False, every dynamic setting access reads directly from the database. Recommended to be True in production for performance.

9. OPENID_SSO_PROVIDER_ID

  • Type: str

  • Default: "openid-sso"

  • ACC_MODE: No (global scope)

  • Description: Unique identifier for the OpenID Connect SSO provider in django-allauth's SOCIALACCOUNT_PROVIDERS configuration. Used to reference this provider in the provider registry.

10. OPENID_SSO_PROVIDER_SERVER_URL

  • Type: str

  • Default: "https://sso.akinon.com"

  • ACC_MODE: No (global scope)

  • Description: The discovery URL for the OpenID Connect SSO provider. django-allauth uses this URL to automatically fetch the provider's OpenID Connect configuration (.well-known/openid-configuration). Must be set to the correct provider address for SSO integration.

11. SESSION_CACHE_AGE

  • Type: int

  • Default: 10800 (3 hours, in seconds)

  • ACC_MODE: No (global scope)

  • Description: Controls how long session data is kept in the Redis cache. The application uses a custom SessionStore (cached_db backend) where the actual cache expiry is calculated as min(SESSION_COOKIE_AGE, SESSION_CACHE_AGE). This means the cache TTL is always the shorter of the two values. Lowering this value causes more frequent database reads to reload session data into cache, while raising it keeps sessions cached longer and reduces DB load.

  • Type: int

  • Default: 1209600 (2 weeks, in seconds)

  • ACC_MODE: No (global scope)

  • Description: Standard Django setting that controls the age of session cookies in seconds. Determines how long a user's browser will keep the session cookie before it expires. Also used together with SESSION_CACHE_AGE to determine the cache expiry duration (min of both values).

13. ANALYTICS_CONTAINER_ID

  • Type: str

  • Default: "AKINON"

  • ACC_MODE: No (global scope)

  • Description: Sets the container ID for analytics tracking. The value is placed into the ANALYTICS_CONTAINER dictionary ({"containerId": <value>}) and injected into Jinja2 templates as a global constant, making it accessible in frontend templates for analytics/tracking integration.

14. PROMOTIONS_ROUNDING_MODE

  • Type: str

  • Default: "ROUND_HALF_DOWN"

  • ACC_MODE: No (global scope)

  • Description: Determines the rounding mode used for discount calculations in the promotions module. Applied when quantizing discount amounts to 2 decimal places (e.g., amount.quantize(D('.01'), PROMOTIONS_ROUNDING_MODE)). Used in both benefits.py (promotion benefit calculations) and baskets/models.py (basket item unit price after discount). Valid values are Python decimal rounding modes: ROUND_HALF_DOWN, ROUND_HALF_UP, ROUND_CEILING, ROUND_FLOOR, ROUND_DOWN, ROUND_UP, etc.

15. ORDERS_USE_ISOLATED_PRE_ORDER_ON_RETURN

  • Type: bool

  • Default: False

  • ACC_MODE: No (global scope)

  • Description: When enabled, the checkout flow includes the encoded order number in return URLs (success/fail URLs for 3D Secure, redirect payments, and wallet payments). This allows the system to identify the specific pre-order when the payment gateway redirects the user back, rather than relying solely on session state. Affects CheckoutView, CreditCardThreeDSecurePage, RedirectPayPage, SavedCardThreeDSecurePage, wallet views, and basket service pre-order creation.

16. SITE_ID

  • Type: int

  • Default: 1

  • ACC_MODE: Yes (re-read)

  • Description: Standard Django setting that identifies the current site in multi-site setups. Used with the django.contrib.sites framework. Also assigned to DEFAULT_SITE_ID and injected into Jinja2 templates as a global constant.

17. X_FRAME_OPTIONS

  • Type: str

  • Default: "SAMEORIGIN"

  • ACC_MODE: Yes

  • Description: Django security setting that controls the X-Frame-Options HTTP response header. "SAMEORIGIN" allows the page to be displayed in a frame only on the same origin. "DENY" prevents framing entirely. This protects against clickjacking attacks.

18. SECURE_HSTS_INCLUDE_SUBDOMAINS

  • Type: bool

  • Default: True

  • ACC_MODE: Yes

  • Description: Django security setting. When True, the HTTP Strict Transport Security (HSTS) header includes the includeSubDomains directive, forcing HTTPS on all subdomains of the site. Only effective when SECURE_HSTS_SECONDS is set to a non-zero value.

19. SECURE_HSTS_SECONDS

  • Type: int

  • Default: 31536000 (1 year, in seconds)

  • ACC_MODE: Yes

  • Description: Django security setting that sets the number of seconds the browser should remember to only access the site via HTTPS (HTTP Strict Transport Security). The default of 31536000 equals one year. Setting to 0 disables the HSTS header entirely. Works in conjunction with SECURE_HSTS_INCLUDE_SUBDOMAINS.

20. I18N_ACTIVE

  • Type: bool

  • Default: False

  • ACC_MODE: Yes

  • Description: Enables internationalization URL support. When True, URL patterns in urls.py are wrapped with Django's i18n_patterns(), which adds language-code prefixes to URLs (e.g., /tr-tr/products/, /en-us/products/). PrettyUrl patterns are excluded from the wrapping to preserve their own routing logic.

21. PRETTY_URL_FORCE_UNICODE_SLUG

  • Type: bool

  • Default: False

  • ACC_MODE: Yes

  • Description: Controls slug generation behavior in the pretty URL system. When False, slugs for the default language and configured ASCII languages are generated using standard ASCII slugification (e.g., "Çanta" becomes "canta"). When True, unicode characters are preserved in slugs (e.g., "Çanta" stays "çanta"). Works in conjunction with PRETTY_URL_ONLY_ASCII.

22. THUMBNAIL_ACTIVE

  • Type: bool

  • Default: True

  • ACC_MODE: Yes (re-read)

  • Description: Enables or disables thumbnail generation for product images. When True, images are processed and resized according to THUMBNAIL_OPTIONS configuration. When False, original images are served without processing. The value is also injected into Jinja2 templates as a global constant for frontend conditional rendering.

23. MULTIPLE_LANGUAGE_URL_ACTIVE

  • Type: bool

  • Default: False

  • ACC_MODE: Yes

  • Description: When True, replaces Django's standard LocaleMiddleware with PrettyUrlLocaleMiddleware in the middleware stack. This enables multi-language URL support with pretty URL integration, allowing language-specific URL routing through the pretty URL system rather than Django's default locale handling.

24. LANGUAGE_CODE

  • Type: str

  • Default: "tr-tr"

  • ACC_MODE: Yes (re-read)

  • Description: Standard Django setting that defines the default language code for the site. Used for locale detection, translation, and as the default value for PRETTY_URL_SITE_LANGUAGE_CODE. Format follows BCP 47 convention (e.g., "tr-tr", "en-us", "de-de").

25. LANGUAGES

  • Type: str

  • Default: None

  • ACC_MODE: Yes

  • Description: Comma-separated list of language definitions in code=name format. When set, overrides the default LANGUAGES list. Example: "tr-tr=Turkish,en-us=English" produces [("tr-tr", "Turkish"), ("en-us", "English")]. When None, the default defined in settings ([("tr-tr", "Turkish")]) is used.

26. DISABLE_LOCMEM_CACHE

  • Type: bool

  • Default: False

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: When True, replaces the "locmem" cache backend with Django's DummyCache, effectively disabling local memory caching. Useful for debugging cache-related issues or in environments where local memory caching is not desired.

27. LOCAL_CACHE_ENABLED

  • Type: bool

  • Default: False

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: When True, adds a "local" Redis cache backend to the CACHES configuration. This separate cache instance (configured via LOCAL_CACHE_HOST and LOCAL_CACHE_PORT) is used for local/node-level caching, typically pointing to a Redis instance on the same machine for low-latency cache access. Used by prettyurls, catalogs, baskets, products, and search modules.

28. LOCAL_CACHE_HOST

  • Type: str

  • Default: "localhost"

  • ACC_MODE: Yes (ACC_MODE only, requires LOCAL_CACHE_ENABLED=True)

  • Description: Hostname or IP address of the Redis instance used for the "local" cache backend. Only effective when LOCAL_CACHE_ENABLED is True. Combined with LOCAL_CACHE_PORT to form the connection URL: redis://<host>:<port>.

29. LOCAL_CACHE_PORT

  • Type: int

  • Default: 6379

  • ACC_MODE: Yes (ACC_MODE only, requires LOCAL_CACHE_ENABLED=True)

  • Description: Port number of the Redis instance used for the "local" cache backend. Only effective when LOCAL_CACHE_ENABLED is True. Standard Redis port is 6379.

30. LOGIN_REDIRECT_URL_SLUG

  • Type: str

  • Default: None

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: Determines the redirect destination after a successful login. Accepts slug values mapped to Django URL names: "home" maps to the "home" URL, "basket" maps to "omnishop_baskets:basket". When None or any unrecognized value, defaults to the basket page ("omnishop_baskets:basket").

31. EMAIL_BACKEND

  • Type: str

  • Default: "omnishop.cms.email.backends.smtp.EmailBackend"

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: The Django email backend class used for sending emails. The default value is a custom SMTP backend. In local development, the global default uses Django's console backend (django.core.mail.backends.console.EmailBackend) which prints emails to stdout instead of sending them.

32. EMAIL_HOST

  • Type: str

  • Default: required (no default)

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: Hostname of the SMTP server used for sending emails. Example: "smtp.gmail.com" or "email-smtp.eu-west-1.amazonaws.com".

33. EMAIL_HOST_USER

  • Type: str

  • Default: required (no default)

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: Username for SMTP authentication. The format depends on the email provider (e.g., full email address for Gmail, SMTP credentials for AWS SES).

34. NO_REPLY_EMAIL

  • Type: str

  • ACC_MODE: Yes (re-read)

  • Description: The no-reply email address used as the sender for automated system emails. Also serves as the default value for DEFAULT_FROM_EMAIL if that variable is not explicitly set.

35. DEFAULT_FROM_EMAIL

  • Type: str

  • Default: NO_REPLY_EMAIL

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: Standard Django setting that defines the default "From" address for emails sent by the application. Defaults to the value of NO_REPLY_EMAIL if not explicitly set.

36. TEMPLATE_LOADER

  • Type: str

  • Default: "omnicore.dbtemplates.jinja_loaders.DatabaseAndFileSystemLoader" (ACC_MODE), "jinja2.FileSystemLoader" (local)

  • ACC_MODE: Yes

  • Description: Specifies the Jinja2 template loader class used by the Django-Jinja template backend. In local development, jinja2.FileSystemLoader loads templates only from the filesystem. In production (ACC_MODE), DatabaseAndFileSystemLoader loads templates from the database first (allowing runtime template customization via the admin), falling back to the filesystem.

37. SITEMAP_AUTO_PREFIX

  • Type: bool

  • Default: False

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: When True, automatically prefixes sitemap storage paths with the ACC_PROJECT_APP_UUID value. This enables multi-tenant sitemap storage in a shared S3 bucket by placing each project's sitemaps in a unique subdirectory (sitemaps/<uuid>/). When enabled, SitemapS3Storage is used instead of the default storage. Takes precedence over SITEMAP_MANUAL_PREFIX.

38. SITEMAP_MANUAL_PREFIX

  • Type: str

  • Default: ""

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: Manually sets a prefix for sitemap storage paths. When set to a non-empty string (and SITEMAP_AUTO_PREFIX is False), sitemaps are stored under sitemaps/<prefix>/ in S3. When empty and SITEMAP_AUTO_PREFIX is also False, the backward-compatible default path (sitemaps/sitemaps/) is used.

39. STATICSITEMAPS_URL

  • Type: str

  • Default: (dynamic, depends on SITEMAP_AUTO_PREFIX, SITEMAP_MANUAL_PREFIX, and S3_BUCKET_NAME)

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: The base URL where generated sitemap XML files are publicly accessible. Used by the static_sitemaps library to construct absolute URLs in the sitemap index. The default is dynamically computed based on the S3 bucket name and sitemap prefix configuration. Example: "https://s3.eu-central-1.amazonaws.com/mybucket/sitemaps/uuid/". In local development, defaults to "/".

40. STATICSITEMAPS_ROOT_DIR

  • Type: str

  • Default: "sitemaps/" (backward-compatible mode), "" (when SITEMAP_AUTO_PREFIX or SITEMAP_MANUAL_PREFIX is active)

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: The root directory path within the storage backend where sitemap files are saved. When SitemapS3Storage is used (prefix mode), this must be empty because the storage class handles the path internally. In backward-compatible mode, defaults to "sitemaps/". In local development, defaults to "sitemaps/".

41. DEFAULT_CURRENCY_TYPE

  • Type: str

  • Default: "try"

  • ACC_MODE: Yes (re-read)

  • Description: The default currency code used throughout the application. Applied as the default currency for catalog pricing, order creation, shipping price, promotion basket offers, and loyalty card operations. The value is used in uppercase form (e.g., "TRY") when communicating with external services. Can be overridden at runtime through dynamic settings. Examples: "try", "usd", "eur", "pln".

  • Type: str

  • Default: "osessionid"

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: Standard Django setting that defines the name of the cookie used for sessions. The default "osessionid" avoids conflicts with other Django applications that use the standard "sessionid" name. Referenced by the CookieSameSiteMiddleware for SameSite attribute handling.

  • Type: bool

  • Default: not DEBUG (i.e., True in production, False in debug mode)

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: Django security setting. When True, the CSRF cookie is marked as secure, meaning it will only be sent over HTTPS connections. Automatically set to True when DEBUG is False.

  • Type: bool

  • Default: not DEBUG (i.e., True in production, False in debug mode)

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: Django security setting. When True, the session cookie is marked as secure, meaning it will only be sent over HTTPS connections. Automatically set to True when DEBUG is False.

  • Type: str

  • Default: "Lax"

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: Django security setting that controls the SameSite attribute of the CSRF cookie. "Lax" allows the cookie to be sent with top-level navigations from external sites but blocks it on cross-origin subrequests. Other valid values: "Strict" (never sent cross-site), "None" (always sent, requires Secure flag).

  • Type: str

  • Default: "Lax"

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: Django security setting that controls the SameSite attribute of the session cookie. Works identically to CSRF_COOKIE_SAMESITE but applies to the session cookie. "Lax" is the recommended default for most setups.

47. SMS_OTP_RESENT_TIME_GAP

  • Type: int

  • Default: 60 (seconds)

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: Minimum time gap in seconds that must pass before a user can request a new SMS OTP code. Used in the user service to rate-limit OTP resend requests, preventing abuse. Setting to 0 disables the rate limiting. Example: with the default of 60, a user must wait at least 60 seconds before requesting a new code.

48. ORDER_SMS_PHONE_NUMBER_GETTER

  • Type: str

  • Default: None

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: Python dotted path to a custom function that retrieves the phone number for order-related SMS notifications. Uses the @swappable decorator pattern, allowing the default implementation to be replaced. The default implementation (omnishop.orders.utils.get_order_sms_phone_number) returns order.user.phone or falls back to order.shipping_address.phone_number. When set, the specified function receives the order object and must return a phone number string.

  • Type: bool

  • Default: False

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: When True, replaces the SessionCookieSamesiteMiddleware with the newer CookieSameSiteMiddleware in the middleware stack. The newer middleware applies SameSite and Secure attributes to all cookies (not just the session cookie), providing broader cookie security. Currently marked as experimental but intended to eventually replace SessionCookieSamesiteMiddleware as the default.

50. IS_CLOUD_FRONT_MIDDLEWARE_ACTIVE

  • Type: bool

  • Default: False

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: When True, appends CloudFrontMiddleware to the middleware stack. This middleware extends Django's LocaleMiddleware and reads the HTTP_CLOUDFRONT_VIEWER_COUNTRY header (set by AWS CloudFront) to automatically determine the user's locale based on their geographic location. It maps country codes to supported language codes and sets the Accept-Language header accordingly. Omnitron requests (those with HTTP_X_OMNITRON_SESSION) are excluded from this behavior.

51. IS_ERP_CODE_MIDDLEWARE_ACTIVE

  • Type: bool

  • Default: False

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: When True, inserts ErpCodeMiddleware into the middleware stack (before SegmentationMiddleware). This middleware reads the erp_code cookie from the request and stores it in the user's session. This allows the ERP code to persist across requests and be used for segmentation and other business logic downstream.

52. PRETTY_URL_MULTI_LANGUAGE

  • Type: bool

  • Default: False

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: Enables multi-language support in the pretty URL system. When True, pretty URLs are generated and resolved per language, the language field becomes required in pretty URL API serializers, URL generators create slugs for each configured language, and CMS/flatpage serializers enforce language-specific URL entries. Affects prettyurls middleware, i18n module, generators, CMS middleware, CMS serializers, datawarehouse views, and the redirect fallback middleware. This is one of the most impactful multi-language settings in the system.

53. PRETTY_URL_SITE_LANGUAGE_CODE

  • Type: str

  • Default: LANGUAGE_CODE

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: Defines the "site language code" used by the pretty URL system to determine the primary/default language for URL resolution. Used by the pretty URL middleware, i18n module, generators, and the redirect fallback middleware to identify which language's URL should be treated as the canonical or default version. Defaults to the value of LANGUAGE_CODE.

54. PRETTY_URL_ONLY_ASCII

  • Type: bool

  • Default: False

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: When True, forces all pretty URL slugs to use ASCII-only characters regardless of language, applying slugify() to convert unicode characters. When False, non-default-language slugs may retain unicode characters (subject to PRETTY_URL_FORCE_UNICODE_SLUG). Used in the slug generation logic of prettyurls/generators.py.

55. CSRF_TRUSTED_ORIGINS

  • Type: list

  • Default: [".com", ".net", ".org", ".tr", ".akinon.net", ".akinoncloud.com"]

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: Standard Django setting that defines a list of trusted origins for CSRF validation. Requests from these origins are allowed to make unsafe requests (POST, PUT, DELETE). Uses comma-separated values in the environment variable. Example: "CSRF_TRUSTED_ORIGINS=.myshop.com,.myshop.net".

56. ORDER_NUMBER_GENERATOR

  • Type: str

  • Default: None

  • ACC_MODE: Yes (re-read)

  • Description: Python dotted path to a custom order number generator function. Uses the @swappable decorator pattern, allowing the default implementation to be replaced. When None, the built-in order number generation logic is used. The settings comment indicates this will eventually always be "omnishop.orders.generator.generate_order_number_v2". The generator function's behavior can be further configured via the ORDER_NUMBER_GENERATOR_CONF dynamic setting.

57. MINIMUM_ORDER_AMOUNT

  • Type: str

  • Default: "0.01"

  • ACC_MODE: Yes (re-read)

  • Description: The minimum total amount required for an order to be placed. Used in the order service to validate that the order total meets the threshold, and in order input serializers for validation. Can be overridden at runtime through dynamic settings. The value is compared as a Decimal. Example: "100.00" requires orders to be at least 100 units of the default currency.

58. ACCOUNT_ADAPTER

  • Type: str

  • Default: "omnishop.users.allauth_adapter.CustomDefaultAccountAdapter"

  • ACC_MODE: Yes (re-read)

  • Description: django-allauth setting that specifies the adapter class for account management operations (login, signup, email confirmation, password reset, etc.). The default CustomDefaultAccountAdapter extends allauth's default with custom behavior. Can be swapped to "omnishop.users.allauth_adapter.SSOAccountAdapter" for SSO-specific account handling.

59. ACCOUNT_CONFIRM_EMAIL_ON_GET

  • Type: bool

  • Default: False

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: django-allauth setting. When True, email confirmation is performed automatically when the user clicks the confirmation link (GET request). When False, the user is shown a confirmation page with a form that must be submitted (POST request) to complete the verification.

60. ACCOUNT_EMAIL_VERIFICATION

  • Type: str

  • Default: "optional"

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: django-allauth setting that controls the email verification policy. Valid values: "mandatory" (users must verify their email before they can log in), "optional" (verification email is sent but not required for login), "none" (no verification email is sent).

61. ACCOUNT_EMAIL_REQUIRED

  • Type: bool

  • Default: False

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: django-allauth setting. When True, an email address is required during registration. When False, users can register without providing an email address. Note that SOCIALACCOUNT_EMAIL_REQUIRED is separately hardcoded to True for social account registrations.

62. ACCOUNT_DEFAULT_HTTP_PROTOCOL

  • Type: str

  • Default: "http"

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: django-allauth setting that specifies the default protocol used when generating absolute URLs (e.g., email confirmation links, password reset links). Should be set to "https" in production environments where HTTPS is enforced.

63. INDEX_PRODUCTS_QUANTITY

  • Type: int

  • Default: 50

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: The number of products to process in each batch during the Elasticsearch indexing task (index_products_task). Controls the chunk size for bulk indexing operations. A higher value means fewer batches but more memory usage per batch.

64. COMMERCE_EVENTS

  • Type: dict

  • Default: {"user_logged_in": True, "user_registered": True, "user_updated": True, "basket_offer_created": True, "basket_offer_updated": True, "conversation_replied": True}

  • ACC_MODE: Yes (re-read)

  • Description: Dictionary that controls which commerce events are active in the system. Each key is an event name and the value is a boolean (or dict with serializer config) indicating whether that event should be dispatched. Used by the events service to determine if a particular event should be processed and by the user events module to check if user-related events should be fired. Event keys include user_logged_in, user_registered, user_updated, basket_offer_created, basket_offer_updated, conversation_replied, and more.

65. INDEX_PRODUCTS_PREFETCH_ENABLED

  • Type: bool

  • Default: False (ACC_MODE), True (local)

  • ACC_MODE: Yes (re-read)

  • Description: Enables or disables prefetching of related objects during Elasticsearch product indexing. When True, related data is prefetched in bulk to reduce database queries during indexing. When False, related objects are fetched individually. The local default is True for development convenience, while ACC_MODE defaults to False for production control.

66. ES_MIN_SCORE_COEFFICIENT

  • Type: float

  • Default: 0

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: The minimum score coefficient applied to Elasticsearch search results. When set to a value greater than 0, search results with a relevance score below the calculated threshold are filtered out. Used in both product search and search suggestions. A value of 0 disables minimum score filtering (all results are returned). Higher values (e.g., 0.85) result in stricter relevance filtering.

67. USER_PROFILE_VIEW

  • Type: str

  • Default: None

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: Python dotted path to a custom user profile view class that replaces the default UserProfileViewSet. When set, the specified class is dynamically imported and used instead of the built-in view. When None, the default UserProfileViewSet is used. Example: "omnishop.users.views.UserProfileSMSOtpView".

68. PASSWORD_HASHERS

  • Type: list

  • Default: ["django.contrib.auth.hashers.PBKDF2PasswordHasher", "django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher", "django.contrib.auth.hashers.Argon2PasswordHasher", "django.contrib.auth.hashers.BCryptSHA256PasswordHasher", "django.contrib.auth.hashers.BCryptPasswordHasher", "omnishop.users.helpers.SHA1MD5PasswordHasher"]

  • ACC_MODE: Yes (re-read)

  • Description: Standard Django setting that defines the list of password hashing algorithms in priority order. The first entry is used for new passwords, while the remaining entries support legacy password verification. Includes the custom SHA1MD5PasswordHasher for backward compatibility with older password formats. Can be overridden to change the priority or add/remove hashers.

69. PASSWORD_RESET_TIMEOUT

  • Type: int

  • Default: 259200 (3 days, in seconds)

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: Standard Django setting that defines how long a password reset link remains valid, in seconds. After this period, the link expires and the user must request a new one. The default of 259200 seconds equals 3 days.

70. REST_REGISTER_VIEW

  • Type: str

  • Default: None

  • ACC_MODE: Yes (re-read)

  • Description: Python dotted path to a custom registration view class that replaces the default RegisterRedirectView. When set, the specified class is dynamically imported and used as the registration endpoint. When None, the default registration view is used. Example: "omnishop.users.views.RegisterSMSOtpView" for SMS OTP-based registration.

71. REST_AUTH_REGISTER_SERIALIZERS

  • Type: json/dict

  • Default: {"REGISTER_SERIALIZER": "omnishop.users.resources.serializers.RegisterSerializer"}

  • ACC_MODE: Yes (re-read)

  • Description: django-rest-auth setting that defines the serializer classes used for user registration. The REGISTER_SERIALIZER key specifies which serializer handles the registration payload. Can be overridden as either a JSON string or a Python dict to use a custom registration serializer with different field requirements.

72. AUTHENTICATION_BACKENDS

  • Type: tuple

  • Default: ("allauth.account.auth_backends.AuthenticationBackend",)

  • ACC_MODE: Yes (re-read)

  • Description: Standard Django setting that lists the authentication backend classes used to verify user credentials. The default uses allauth's authentication backend, which supports username/email login as configured by ACCOUNT_AUTHENTICATION_METHOD. Can be extended with additional backends for custom authentication flows.

73. SECURE_BROWSER_XSS_FILTER

  • Type: bool

  • Default: False

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: Django security setting. When True, adds the X-XSS-Protection: 1; mode=block HTTP header to all responses, instructing the browser to block pages that appear to contain XSS attacks. Note: this header is largely deprecated in modern browsers in favor of Content Security Policy (CSP).

74. SECURE_CONTENT_TYPE_NOSNIFF

  • Type: bool

  • Default: False

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: Django security setting. When True, adds the X-Content-Type-Options: nosniff HTTP header to all responses, preventing browsers from MIME-type sniffing. This forces the browser to respect the declared Content-Type, reducing the risk of drive-by download attacks.

75. ACCOUNT_EMAIL_CONFIRMATION_ANONYMOUS_REDIRECT_URL

  • Type: str

  • Default: None

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: django-allauth setting that defines the URL to redirect to after an anonymous (not logged-in) user confirms their email address. When None, allauth uses its default redirect behavior. Can be set to an absolute URL or a relative path. Example: "https://www.myshop.com/email-confirmed".

76. INCLUDE_STOCK_OUT_PRODUCTS_ON_SITEMAP

  • Type: bool

  • Default: True

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: Controls whether out-of-stock products are included in the generated sitemap XML. When True, all products (regardless of stock status) appear in the sitemap. When False, out-of-stock products are excluded. Can also be configured through the CMS dynamic settings.

77. ACCOUNT_EMAIL_CONFIRMATION_AUTHENTICATED_REDIRECT_URL

  • Type: str

  • Default: ""

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: django-allauth setting that defines the URL to redirect to after an authenticated (logged-in) user confirms their email address. When empty string, allauth uses its default redirect behavior. Can be set to an absolute URL or a relative path.

78. PREPEND_WWW

  • Type: bool

  • Default: False

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: Standard Django setting. When True, Django's CommonMiddleware automatically prepends www. to URLs that don't have it and redirects. For example, myshop.com would redirect to www.myshop.com. When False, no www. prepending or redirecting occurs.

79. PROMOTIONS_SINGLE_COUPON

  • Type: bool

  • Default: False

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: Controls whether only a single coupon can be applied per basket. When True, the promotions applicator uses the get_promotions_single_coupons method, which restricts the basket to one coupon at a time instead of allowing multiple coupons to stack. When False, auto-use coupons can be combined. Affects both collection-based and non-collection-based basket offer queries in the applicator.

80. KVKK_UNSUBSCRIPTION_SECRET_MAP

  • Type: json (dict)

  • Default: {}

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: JSON dictionary mapping service names to their secret keys for KVKK (Turkish Personal Data Protection Law) unsubscription verification. Used by the user service to validate unsubscription requests from external services. Each entry maps a service name to its expected secret key. When empty or when the service name is not found, the unsubscription request is rejected. Example: {"service1": "secret1", "service2": "secret2"}.

81. B2B_EXTENSION_CONF

  • Type: json (dict)

  • Default: {}

  • ACC_MODE: Yes (re-read)

  • Description: Configuration dictionary for the B2B (Business-to-Business) extension module. When set (non-empty), B2B URL patterns are activated in urls.py. Contains keys such as "api_url" (upstream B2B API URL) and "password" (B2B authentication password). Used by the B2B API proxy views, payment rules for B2B password validation, and the B2B promotions client for API communication. Example: {"api_url": "https://b2b-api.example.com/api/v1/", "password": "b2b_pass"}.

82. BASKET_UNIT_VALUE_ATTRIBUTE

  • Type: str

  • Default: "basket_unit_value"

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: The product/basket-item attribute key used to store the unit value when adding weight-based products to the basket (e.g., 1300 for 1300 grams). Part of the "selling products in grams" (kapida) feature. This value is stored as a basket item attribute and used for unit price calculations and display.

83. UNIT_STEP_VALUE_ATTRIBUTE

  • Type: str

  • Default: "unit_step_value"

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: The product attribute key that defines the step increment value for weight-based products (e.g., 300 for 300-gram increments). Part of the "selling products in grams" feature. Used by the product model to determine the allowed quantity increments.

84. UNIT_REFERENCE_VALUE_ATTRIBUTE

  • Type: str

  • Default: "unit_reference_value"

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: The product attribute key that defines the reference unit value for weight-based products (e.g., 1000 for 1000 grams = 1 kg). Part of the "selling products in grams" feature. Used by the product model for unit price calculations.

85. UNIT_PRODUCT_FLAG_ATTRIBUTE

  • Type: str

  • Default: "is_unit_product"

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: The product attribute key that flags whether a product is sold by weight/unit (e.g., grams). Part of the "selling products in grams" feature. When the product has this attribute set to a truthy value, the unit-based pricing and quantity logic is activated.

86. UNIT_MINIMUM_VALUE_ATTRIBUTE

  • Type: str

  • Default: "unit_minimum_value"

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: The product attribute key that defines the minimum order quantity for weight-based products (e.g., 500 for a minimum of 500 grams). Part of the "selling products in grams" feature. Used by the product model to enforce minimum purchase requirements.

  • Type: bool

  • Default: False

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: When True, inserts XCookieToCookieMiddleware at the very beginning of the middleware stack (position 0) and adds "X-Cookie" to CORS_ALLOW_HEADERS. This middleware reads the X-Cookie HTTP header and copies it to the standard HTTP_COOKIE header, allowing clients (e.g., mobile apps) to send cookie data via a custom header instead of the standard Cookie header. Useful for environments where the standard Cookie header cannot be set directly.

88. DATA_UPLOAD_MAX_MEMORY_SIZE

  • Type: int

  • Default: 2621440 (2.5 MB)

  • ACC_MODE: Yes (ACC_MODE only)

  • Description: Standard Django setting that limits the maximum size of the request body (excluding file uploads) in bytes. Requests with a body larger than this value will raise RequestDataTooBig. The default of 2621440 bytes equals 2.5 MB. Increase if the application needs to accept larger JSON payloads or form data.

89. SEARCH_DYNAMIC_FILTER_ACTIVE

  • Type: bool

  • Default: False

  • ACC_MODE: No (global scope)

  • Description: Enables dynamic filtering for Elasticsearch search results. When True, the system reads HTTP_X_SEARCH_DYNAMIC_EXCLUDE and HTTP_X_SEARCH_DYNAMIC_FILTER request headers (base64-encoded JSON), parses them, and applies them as additional filter/exclude criteria to search queries. This allows clients to dynamically modify search behavior per request without changing the search configuration. Filter values are cached in memory for performance.

90. SEARCH_FUZZY_SEARCH_ACTIVE

  • Type: bool

  • Default: False

  • ACC_MODE: No (global scope)

  • Description: Enables fuzzy matching in Elasticsearch facet search. When True, search queries use fuzzy matching to find results that are similar but not exact matches to the search term, tolerating typos and spelling variations. Used in the facet search module (facet_search.py).

91. CELERY_SCHEDULED_TASKS

  • Type: json (dict)

  • Default: {}

  • ACC_MODE: No (global scope)

  • Description: JSON dictionary defining Celery Beat scheduled tasks dynamically via environment variables. Each key is a task name, and the value is a dictionary containing "task" (dotted path to the task function), "schedule" (crontab parameters as a dict), "args" (positional arguments list), and "kwargs" (keyword arguments dict). Tasks are registered into CELERYBEAT_SCHEDULE at startup. Example: {"my_task": {"task": "myapp.tasks.cleanup", "schedule": {"hour": 2, "minute": 0}, "args": [], "kwargs": {}}}.

92. CORS_ALLOWED_ORIGINS

  • Type: list

  • Default: ["https://docs.akinon.com", "https://apidocs.akinon.com"]

  • ACC_MODE: No (global scope)

  • Description: List of origins that are authorized to make cross-origin requests. Used by the django-cors-headers middleware to set the Access-Control-Allow-Origin response header. Only requests from these origins will be allowed for CORS. Comma-separated in the environment variable. Example: "CORS_ALLOWED_ORIGINS=https://www.myshop.com,https://admin.myshop.com".

Last updated

Was this helpful?