# Environments

{% hint style="info" %}
**Good to know**

The number of available environments in your solution depends on your subscription tier. Read more about deploying across the different environments [here](https://docs.appfarm.io/operations/deploy#environments).
{% endhint %}

You can configure each Appfarm Client environment in your solution separately. You can enable or disable platform features, set solution-wide defaults that will apply across all apps, and customize settings to ensure your apps work as expected.

It is common to maintain different environment configurations, particularly between Development and Production. For example, in Development and Test it is very helpful to have client logs enabled, but they are not typically enabled in Production. On the other hand, you might have Schedules enabled in Production, but not in any other environment.

In general, it is a good idea to only enable the features and configurations that are required for your apps and services to run in a given environment. This will help keep your solution safe from unintended issues.

## Enable/Disable Environment

Solution [Owners](https://docs.appfarm.io/security/roles#built-in-roles) can enable and disable Development, Test, and Staging environments (if available on your subscription tier) from the Environment Configuration page. For Production environment changes, contact your Appfarm representative. When enabling an environment for the first time, you must deploy a version before it becomes accessible. You can configure environments before enabling them. Disabling an environment takes it offline while preserving all data until you re-enable it. To disable an environment, use the button at the bottom of the environment configuration page (see image below).\
Note: after enabling/disabling an environment, a refresh is required before the environment status is reflected in the Dashboard and the Deploy page.

{% hint style="warning" %}
**Important**

* The Staging environment uses the Production database. Any changes made to data in Staging will be reflected in Production.
* Users exist across all environments. For example, a user created in Production can be deleted in Test. See [Users](https://docs.appfarm.io/reference/security/users) for more details.
{% endhint %}

<figure><img src="https://29237295-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MiLU-xcHu0eLZiTxcmZ%2Fuploads%2FugN6hf8KdiirzxkmkQxE%2Fimage.png?alt=media&#x26;token=be2723c5-c062-4d68-a23c-a45e5f708705" alt="" width="563"><figcaption><p>The Environment Configuration page with the "Disable Environment" button at the bottom</p></figcaption></figure>

## General settings

<table><thead><tr><th width="259">Setting</th><th>Description</th></tr></thead><tbody><tr><td><strong>Login Config</strong></td><td>Assign a <a href="login">login configuration</a>.</td></tr><tr><td><strong>Enable GraphQL</strong></td><td>Enable <a href="../data-model/graphql">GraphQL</a> access.</td></tr><tr><td><strong>Enable GraphQL Auxilary Endpoints</strong></td><td>Enable a built-in endpoint for all GraphQL-enabled Object Classes with the built-in <a href="../../data-model/object-classes#meta-data">Random Identifier</a>. This endpoint may be used to update the identifier of existing records. Read more <a href="../../data-model/graphql/mutations#generate-random-identifiers">here</a>.</td></tr><tr><td><strong>Enable GraphQL Explorer</strong></td><td>Enable <a href="../../data-model/graphql#graphiql-ide">GraphiQL</a>, a web-based tool for running GraphQL queries and mutations to see and modify the data in the database.</td></tr><tr><td><strong>Enable API Services</strong></td><td>Enable <a href="../services">services</a> to run.</td></tr><tr><td><strong>Enable API Explorer</strong></td><td>Enable a user interface for <a href="../services/api-explorer">documentation and testing of services</a>.</td></tr><tr><td><strong>Enable Scheduler</strong></td><td>Enable <a href="../operations/schedules">schedules</a> to run.</td></tr></tbody></table>

## Maintenance

<table><thead><tr><th width="282">Setting</th><th>Description</th></tr></thead><tbody><tr><td><strong>Enable Maintenance Mode</strong></td><td>Show a maintenance mode page to all users in the Appfarm Client and disable access to apps.</td></tr><tr><td><strong>Maintenance Mode Text</strong></td><td>Text to show on the maintenance mode page.</td></tr><tr><td><strong>GraphQL Maintenance Mode</strong></td><td>Return <code>503 Service Unavailable</code> on all <em>external</em> requests to the GraphQL endpoint.</td></tr><tr><td><strong>Services Maintenance Mode</strong></td><td>Return <code>503 Service Unavailable</code> on all <em>external</em> requests to services endpoints. Schedules are not affected by this setting. To prevent schedules from triggering services, clear either <strong>Enable Scheduler</strong> or <strong>Enable API Services</strong>.</td></tr></tbody></table>

## Email settings

<table><thead><tr><th width="288">Setting</th><th>Description</th></tr></thead><tbody><tr><td><strong>Email Provider</strong></td><td><p>Choose between Appfarm, <a href="../../../how-to/integrations/configure-mailgun-account#mailgun">Mailgun</a>, <a href="../../../how-to/integrations/configure-mailgun-account#amazon-ses">Amazon</a><a href="../../../how-to/integrations/configure-mailgun-account#amazon-ses"> SES</a> or <a href="../../../how-to/integrations/configure-mailgun-account#sendgrid">SendGrid</a>.</p><p></p><p>By default, emails sent from a solution use the integrated Appfarm mail server.</p><ul><li>The sender domain is <a href="mailto:noreply@appfarm-mail.com">appfarm-mail.com</a></li><li>The sender name is the solution name</li><li>There is a maximum number of emails that can be sent per month. The limit is specified in your subscription agreement.</li></ul><p></p></td></tr></tbody></table>

## Log options

<table><thead><tr><th width="290">Setting</th><th>Description</th></tr></thead><tbody><tr><td><strong>Enable Client Log</strong></td><td>Print log messages to the browser console. This checkbox must also be selected to enable <a href="../appfarm-client/developer-tools-for-apps">Developer Tools</a>.</td></tr><tr><td><strong>Simulate Messaging Only</strong></td><td>Enable this option to prevent email and SMS messages from being sent. The relevant action nodes will still run, but the actual sending will be simulated. This option can be helpful during development and testing.</td></tr></tbody></table>

## Progressive Web App defaults

These values serve as defaults for all of your apps in the [web application manifest](https://developer.mozilla.org/en-US/docs/Web/Manifest). They can be overridden per app in [App Settings](https://docs.appfarm.io/reference/apps/app-settings).

<table><thead><tr><th width="294">Setting</th><th>Description</th></tr></thead><tbody><tr><td><strong>Name</strong></td><td>The name of the app. It may be displayed among a list of other apps or as a label for an icon.<br>Defaults to <code>Appfarm</code>.</td></tr><tr><td><strong>Short Name</strong></td><td><p>An abbreviated name used as the app name on device homescreens and other places with limited space.</p><p>Defaults to <code>Appfarm</code><em>.</em></p></td></tr><tr><td><strong>Orientation</strong></td><td>The default orientation of your app on mobile devices.</td></tr><tr><td><strong>Background Color</strong></td><td>A color that may be used by the operating system as a placeholder while the app's styles are loaded. Usually, this should match the background color of the app.</td></tr><tr><td><strong>Theme Color</strong></td><td>A color that may be used by the operating system when displaying the app. This color may apply even when an app is not installed as a PWA.</td></tr><tr><td><strong>Icon 72x72–512x512</strong></td><td>App icons of various dimensions that can be used in different contexts across an operating system. The icons must be uploaded to <a href="../resources/files">Files</a>.</td></tr></tbody></table>

## Session settings

<table><thead><tr><th width="298">Setting</th><th>Description</th></tr></thead><tbody><tr><td><strong>Absolute Timeout</strong></td><td>The maximum length of a user session before the user must reauthenticate. The default length is 15 552 000 seconds (180 days). The maximum length is 31 536 000 seconds (365 days).</td></tr><tr><td><strong>Renewal Timeout</strong></td><td>The maximum length of a user session before it will not be automatically renewed. The default length is 604 800 seconds (7 days). The maximum length is 5 184 000 seconds (60 days). It is recommended to set this value a little longer than the typical usage period of your apps.</td></tr></tbody></table>

## Content security

By default, Appfarm implements a strict set of content security settings to protect users against common attacks. However, we also allow for easy integration with third-party services and sites and you may need to allow their domains within the following policies.

These settings map directly to the [Content Security Policy (CSP) standard](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy).

<table><thead><tr><th width="304">Setting</th><th>Description</th></tr></thead><tbody><tr><td><strong>Web Request Targets</strong></td><td>Allowed domains that can receive web requests directly from the client. If you only send web requests from the server, which is the default behaviour, you do not need to allow the receiving domains here.</td></tr><tr><td><strong>Font Sources</strong></td><td>Allowed domains that can deliver fonts to the Appfarm Client.</td></tr><tr><td><strong>Frame Targets</strong></td><td>Allowed domains that can be loaded into frame/iframe tags.</td></tr><tr><td><strong>Frame Ancestors</strong></td><td>Allowed domains that can embed the Appfarm Client in frame/iframe tags.</td></tr><tr><td><strong>Image Sources</strong></td><td>Allowed domains that can deliver images to the Appfarm Client.</td></tr><tr><td><strong>Script Sources</strong></td><td>Allowed domains that can deliver scripts to the Appfarm Client.</td></tr><tr><td><strong>Style Sources</strong></td><td>Allowed domains that can deliver stylesheets to the Appfarm Client.</td></tr><tr><td><strong>Allow Insecure Resources</strong></td><td>If enabled, the CSP directive <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests">upgrade-insecure-requests</a> will be disabled. This is only required if you embed passive content (images) from sources that must be HTTP instead of HTTPS. You should always prefer HTTPS.</td></tr><tr><td><strong>Public Assets</strong></td><td>Allow external tools (such as Hotjar) to access and use Appfarm assets (fonts and stylesheets) without authentication.</td></tr></tbody></table>
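
To review what an environment's allow-lists actually expose, you can audit the `Content-Security-Policy` header the Appfarm Client returns. The following is an added example, not Appfarm code: the setting-to-directive mapping is an assumption based on the standard CSP directive names, and the sample header is constructed.

```javascript
// Assumed mapping of CSP directives to the settings in the table above.
// The page does not name the directives; these are the standard ones.
const SETTING_FOR_DIRECTIVE = {
  'connect-src': 'Web Request Targets',
  'font-src': 'Font Sources',
  'frame-src': 'Frame Targets',
  'frame-ancestors': 'Frame Ancestors',
  'img-src': 'Image Sources',
  'script-src': 'Script Sources',
  'style-src': 'Style Sources',
};

// Split a header value into { directive: [sources] }.
// As in the CSP standard, the first occurrence of a directive wins.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in policy)) policy[key] = sources;
  }
  return policy;
}

// Report every allow-list entry that is broader than a single HTTPS host.
function auditCsp(header) {
  const policy = parseCsp(header);
  const findings = [];
  for (const [directive, setting] of Object.entries(SETTING_FOR_DIRECTIVE)) {
    for (const source of policy[directive] || []) {
      let issue = null;
      if (source === '*') issue = 'allows any origin';
      else if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) issue = 'scheme-only source, not limited to a host';
      else if (/^http:\/\//i.test(source)) issue = 'plain HTTP source';
      else if (/^(https?:\/\/)?\*\./i.test(source)) issue = 'wildcard covers every subdomain';
      if (issue) findings.push({ setting, directive, source, issue });
    }
  }
  // Absent when "Allow Insecure Resources" is enabled.
  if (!('upgrade-insecure-requests' in policy)) {
    findings.push({ setting: 'Allow Insecure Resources', directive: 'upgrade-insecure-requests',
      source: null, issue: 'directive absent, HTTP subresources are not upgraded' });
  }
  return findings;
}

// Constructed sample header, not captured from a real environment.
const SAMPLE_HEADER = [
  "default-src 'self'",
  "script-src 'self' https://cdn.example.com *.example.net",
  "img-src 'self' data: http://legacy.example.org",
  'connect-src *',
  "frame-ancestors 'self'",
].join('; ');

console.table(auditCsp(SAMPLE_HEADER));
```

Each finding names the environment setting to revisit, so the result can be compared between Development and Production configurations.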

## Application security

<table><thead><tr><th width="276">Setting</th><th>Description</th></tr></thead><tbody><tr><td><strong>Unauthenticated Access</strong></td><td>Enable this option to be able to serve apps with <a href="../../how-to/authentication-and-access-control/unauthenticated-access">unauthenticated access</a>.</td></tr><tr><td><strong>Service Account</strong></td><td>Unauthenticated apps will run as the <a href="../security/service-accounts">service account</a> specified here. Unauthenticated users will have the app and data permissions granted to the role(s) the service account has assigned.</td></tr></tbody></table>

## Service security

<table><thead><tr><th width="276">Setting</th><th>Description</th></tr></thead><tbody><tr><td><strong>Unauthenticated Access</strong></td><td>Enable this option to be able to run services with unauthenticated access. A typical use case is running services from unauthenticated Apps.</td></tr><tr><td><strong>Service Account</strong></td><td>Unauthenticated access to Services will run as the <a href="../security/service-accounts">service account</a> specified here. The permissions of this unauthenticated access are equal to the permissions granted to the role(s) of this service account.</td></tr><tr><td><strong>Max Payload Size</strong></td><td>Override the default permitted size (in MB) for incoming POST requests to an Appfarm Service Endpoint. The default is 1 MB, and you may allow up to 50 MB.</td></tr></tbody></table>

## GraphQL security

<table><thead><tr><th width="276">Setting</th><th>Description</th></tr></thead><tbody><tr><td><strong>Unauthenticated Access</strong></td><td>Enable this option to be able to access the GraphQL endpoints with unauthenticated access. A typical use case is performing web requests towards the <a href="../../data-model/graphql#integration">GraphQL Endpoints</a> for querying data.</td></tr><tr><td><strong>Service Account</strong></td><td>Unauthenticated access to GraphQL will run as the <a href="../security/service-accounts">service account</a> specified here. The permissions of this unauthenticated access are equal to the permissions granted to the role(s) of this service account.</td></tr></tbody></table>

## User account manipulation

User accounts are global resources. Changes to user accounts in any environment will affect production. The settings below are automatically cleared every night for Development, Test and Staging to prevent unintended user changes.

<table><thead><tr><th width="281">Setting</th><th>Description</th></tr></thead><tbody><tr><td><strong>Allow Create User Account</strong></td><td>Enable user account creation within apps.</td></tr><tr><td><strong>Allow Update User Account</strong></td><td>Enable user account updates within apps.</td></tr><tr><td><strong>Allow Delete User Account</strong></td><td>Enable user account deletion within apps.</td></tr></tbody></table>

## Other

<table><thead><tr><th width="288">Setting</th><th>Description</th></tr></thead><tbody><tr><td><strong>Custom Header Tags</strong></td><td><p>Add custom <code>meta</code> and <code>script</code> tags inside the <code>&#x3C;head></code> element of your apps. This is useful when you need to add site-wide scripts, for example to implement analytics or a chatbot.</p><p></p><p>See <a href="#custom-header-tags">Custom header tags</a>.</p></td></tr><tr><td><strong>Google Analytics ID</strong></td><td><p><em><strong>Note: This feature is deprecated, and set to READ ONLY.</strong></em> </p><p><br><em>Google Analytics will not be supported as a built-in setting by Appfarm from mid-2023. From July 1st 2023, Google will replace Google Analytics (Universal Analytics, currently supported natively by Appfarm) with GA4.</em> </p><p><em>A transition guide will be distributed to those using the built-in Google Analytics ID setting.</em> </p><p></p><p>Integrate your apps with Google Analytics. Once you add an ID, the necessary scripts will be added to your apps, and page views will be automatically tracked. As with all client-side analytics, any ad-blockers or browser settings that prevent tracking may affect your reporting.<br></p><p>Note that this is only for Universal Analytics properties. Google Analytics 4 is not supported.<br><br>You may check out our guide in <a href="../../how-to/integrations/integrate-with-ga4">Integrating with Google Analytics 4</a>.</p></td></tr><tr><td><strong>.well-known Directory Entries</strong></td><td>Add publicly discoverable site-wide metadata. This is used, for example, when configuring Apple Pay or <a href="https://developer.apple.com/library/archive/documentation/General/Conceptual/AppSearch/UniversalLinks.html">universal links</a>.</td></tr><tr><td><strong>Default App</strong></td><td><p>An unauthenticated user will be redirected to this app if they navigate to the root URL of the Appfarm Client. This setting is useful when there is a public app that acts as an entry point, such as a public web page, and you always want that app to be the entry point when the user is not logged in.</p><p></p><p>If a user is logged in and has access to multiple apps, the list of apps will be shown.<br><br>Please also note the setting <a href="../login#general-settings"><strong>Login Config</strong></a> -> <strong>App</strong> for defining a custom Login App.</p></td></tr></tbody></table>

### Custom header tags

Add meta tags and import custom scripts into your apps by creating custom header tags. Example use cases include additional Open Graph meta tags, analytics scripts, and third-party chatbots.

Custom header tags will be added to every app in the given environment. Controlling the tags at the environment level can be useful to customize or restrict analytics scripts that collect page views or track user behaviour.

Custom header tags can be used to load external JavaScript libraries in your apps, which can then be referenced when writing [functions](https://docs.appfarm.io/reference/platform-concepts/functions) or [code](https://docs.appfarm.io/library/action-nodes/run-code).

<table><thead><tr><th width="283">Setting</th><th>Description</th></tr></thead><tbody><tr><td><strong>Description</strong></td><td>A description of the header tag for easy identification.</td></tr><tr><td><strong>Tag Type</strong></td><td><p>The HTML tag to add. The options are:</p><ul><li><code>Meta</code></li><li><code>Script Content</code></li><li><code>Script URL</code></li></ul></td></tr><tr><td><strong>Name</strong></td><td><p><em>Meta tag type only.</em></p><p>The value for the name attribute of the meta tag. For example, to add a meta description tag you would enter <code>description</code>.</p></td></tr><tr><td><strong>Content</strong></td><td><p><em>Meta tag type only.</em></p><p>The value for the content attribute of the meta tag. For example, to add a meta description tag you would enter the actual description you wish to include.</p></td></tr><tr><td><strong>Script/Script URL</strong></td><td><p><em>Script tags only.</em></p><p>The JavaScript code or URL of a file containing JavaScript, depending on the chosen tag type.<br><br><em><strong>NB</strong>: If you add a Script URL, remember to add the domain to</em> <a href="#content-security"><em>Environment -> Content Security -> Script Sources</em></a> <em>as well!</em></p></td></tr><tr><td><strong>Async</strong></td><td><p><em>Script tags only.</em></p><p>The script should be loaded asynchronously. Find more information about the <a href="https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script#attr-async">async attribute on MDN</a>.</p></td></tr><tr><td><strong>Defer</strong></td><td><p><em>Script URL only.</em></p><p>The script execution should be deferred. Find more information about the <a href="https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script#attr-defer">defer attribute on MDN</a>.</p></td></tr><tr><td><strong>Custom attributes</strong></td><td><p>Custom attributes for the Custom header tag. 
Set the attribute and a value.</p><p><br><em>Example for Script URL</em><br>Subresource Integrity (SRI) is a security feature that enables browsers to verify that resources they fetch (for example, from a <a href="https://developer.mozilla.org/en-US/docs/Glossary/CDN">CDN</a>) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match.<br><br>You can add <code>integrity</code> and <code>crossorigin</code> as Custom attributes in order to provide the following example Script URL header tag to your app:</p><pre><code>&#x3C;script src="https://cdn.example.com/app.js"
integrity="sha384-+/M6kredJcxdsqkczBUjMLvqyHb1K/JThDXWsBVxMEeZHEaMKEOEct339VItX1zB"
crossorigin="anonymous">&#x3C;/script>
</code></pre></td></tr></tbody></table>
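
To produce the `integrity` value for a Script URL header tag and confirm that the file served still matches it, you can hash the script bytes yourself. The following Node.js sketch is an added example, not Appfarm code: the function names and the sample script body are constructed for illustration.

```javascript
const { createHash } = require('node:crypto');

// Hash algorithms accepted by Subresource Integrity, weakest to strongest.
const ALGORITHMS = ['sha256', 'sha384', 'sha512'];

// Build an integrity value from the exact bytes the CDN serves.
function sriHash(body, algorithm = 'sha384') {
  if (!ALGORITHMS.includes(algorithm)) throw new Error(`unsupported algorithm: ${algorithm}`);
  return `${algorithm}-${createHash(algorithm).update(body).digest('base64')}`;
}

// Check a body against an integrity attribute. The attribute may hold several
// space-separated hashes; only those using the strongest algorithm present are
// compared, and one match is enough. An attribute with no usable hash is
// reported as a failure here, because a browser would skip the check entirely.
function verifySri(body, integrity) {
  const hashes = integrity.trim().split(/\s+/).map((token) => {
    const value = token.split('?')[0]; // options after "?" are ignored
    const dash = value.indexOf('-');
    return { algorithm: value.slice(0, dash), digest: value.slice(dash + 1) };
  }).filter((h) => ALGORITHMS.includes(h.algorithm));
  if (hashes.length === 0) return false;
  const strongest = hashes.reduce((best, h) =>
    (ALGORITHMS.indexOf(h.algorithm) > ALGORITHMS.indexOf(best) ? h.algorithm : best), 'sha256');
  const expected = sriHash(body, strongest);
  return hashes.some((h) => h.algorithm === strongest && `${strongest}-${h.digest}` === expected);
}

// The attribute/value pairs to enter under "Custom attributes" for a Script URL tag.
function customAttributes(body) {
  return [
    { attribute: 'integrity', value: sriHash(body) },
    { attribute: 'crossorigin', value: 'anonymous' },
  ];
}

// Constructed sample script bodies.
const SAMPLE_BODY = 'window.analytics = { track() {} };\n';
const TAMPERED_BODY = SAMPLE_BODY + 'fetch("https://other.example/collect");\n';

console.log(customAttributes(SAMPLE_BODY));
console.log('original verifies:', verifySri(SAMPLE_BODY, sriHash(SAMPLE_BODY)));
console.log('tampered verifies:', verifySri(TAMPERED_BODY, sriHash(SAMPLE_BODY)));
```

Because any change to the file changes the hash, pin the Script URL to a versioned file; otherwise a routine update at the CDN will cause the browser to block the script.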
