Skip to main content
Skip to main content

ProjectConfigOptions

Essential configurations related to the Medusa backend, such as database and CORS configurations.

Properties

database_loggingLoggerOptionsRequired
This configuration specifies what database messages to log. Its value can be one of the following:
  • (default) A boolean value that indicates whether any messages should be logged.
  • The string value all that indicates all types of messages should be logged.
  • An array of log-level strings to indicate which type of messages to show in the logs. The strings can be query, schema, error, warn, info, log, or migration. Refer to Typeorm’s documentation for more details on what each of these values means.
If this configuration isn't set, its default value is false, meaning no database messages are logged.
store_corsstring
The Medusa backend’s API Routes are protected by Cross-Origin Resource Sharing (CORS). So, only allowed URLs or URLs matching a specified pattern can send requests to the backend’s API Routes. store_cors is a string used to specify the accepted URLs or patterns for store API Routes. It can either be one accepted origin, or a comma-separated list of accepted origins. Every origin in that list must either be:
  1. A URL. For example, http://localhost:8000. The URL must not end with a backslash;
  2. Or a regular expression pattern that can match more than one origin. For example, .example.com. The regex pattern that the backend tests for is ^([/~@;%#'])(.*?)\1([gimsuy]*)$.
admin_corsstring
The Medusa backend’s API Routes are protected by Cross-Origin Resource Sharing (CORS). So, only allowed URLs or URLs matching a specified pattern can send requests to the backend’s API Routes. admin_cors is a string used to specify the accepted URLs or patterns for admin API Routes. It can either be one accepted origin, or a comma-separated list of accepted origins. Every origin in that list must either be:
  1. A URL. For example, http://localhost:7001. The URL must not end with a backslash;
  2. Or a regular expression pattern that can match more than one origin. For example, .example.com. The regex pattern that the backend tests for is ^([/~@;%#'])(.*?)\1([gimsuy]*)$.
cookie_secretstring
A random string used to create cookie tokens. Although this configuration option is not required, it’s highly recommended to set it for better security. In a development environment, if this option is not set, the default secret is supersecret However, in production, if this configuration is not set, an error is thrown and the backend crashes.
jwt_secretstring
A random string used to create authentication tokens. Although this configuration option is not required, it’s highly recommended to set it for better security. In a development environment, if this option is not set the default secret is supersecret However, in production, if this configuration is not set an error, an error is thrown and the backend crashes.
database_databasestring
The name of the database to connect to. If specified in database_url, then it’s not required to include it. Make sure to create the PostgreSQL database before using it. You can check how to create a database in PostgreSQL's documentation.
database_urlstring
The connection URL of the database. The format of the connection URL for PostgreSQL is: 
postgres://[user][:password]@[host][:port]/[dbname]
Where:
  • [user]: (required) your PostgreSQL username. If not specified, the system's username is used by default. The database user that you use must have create privileges. If you're using the postgres superuser, then it should have these privileges by default. Otherwise, make sure to grant your user create privileges. You can learn how to do that in PostgreSQL's documentation.
  • [:password]: an optional password for the user. When provided, make sure to put : before the password.
  • [host]: (required) your PostgreSQL host. When run locally, it should be localhost.
  • [:post]: an optional port that the PostgreSQL server is listening on. By default, it's 5432. When provided, make sure to put : before the port.
  • [dbname]: (required) the name of the database.
You can learn more about the connection URL format in PostgreSQL’s documentation.
database_schemastring
The database schema to connect to. This is not required to provide if you’re using the default schema, which is public. 
1module.exports = {2  projectConfig: {3    database_schema: process.env.DATABASE_SCHEMA ||4      "custom",5    // ...6  },7  // ...8}
database_extraRecord<string, unknown> & object
An object that includes additional configurations to pass to the database connection. You can pass any configuration. One defined configuration to pass is ssl which enables support for TLS/SSL connections. This is useful for production databases, which can be supported by setting the rejectUnauthorized attribute of ssl object to false. During development, it’s recommended not to pass this option.
redis_urlstring
Used to specify the URL to connect to Redis. This is only used for scheduled jobs. If you omit this configuration, scheduled jobs won't work. :::note You must first have Redis installed. You can refer to Redis's installation guide. ::: The Redis connection URL has the following format: 
redis[s]://[[username][:password]@][host][:port][/db-number]
For a local Redis installation, the connection URL should be redis://localhost:6379 unless you’ve made any changes to the Redis configuration during installation.
redis_prefixstring
The prefix set on all keys stored in Redis. The default value is sess:. If this configuration option is provided, it is prepended to sess:.
redis_optionsRedisOptions
An object of options to pass ioredis. You can refer to ioredis’s RedisOptions documentation for the list of available options.
session_optionsSessionOptions
An object of options to pass to express-session.
http_compressionHttpCompressionOptions
Configure HTTP compression from the application layer. If you have access to the HTTP server, the recommended approach would be to enable it there. However, some platforms don't offer access to the HTTP layer and in those cases, this is a good alternative. Its value is an object that has the following properties: If you enable HTTP compression and you want to disable it for specific API Routes, you can pass in the request header "x-no-compression": true.
Was this section helpful?
© 2024 Medusa, Inc. All rights reserved.