There is something called the "same-origin policy" that all modern web browsers follow, along with a security mechanism called "Cross-Origin Resource Sharing" which prevents scripts being delivered by one server from sending requests to another server without having permission to receive a response.

This setting is a list of remote domains that are to be allowed to receive responses from HashOver. This allows you to host HashOver on one server while using it on another different server. For example, hosting HashOver on a service that supports PHP, but using it on a host that doesn't support PHP, like GitHub pages.

This setting is empty by default, allowing no remote access.

This setting controls whether users may dislike each other's comments. Setting this to true will cause a dislike button and a dislike count to be shown to the user, setting this to false will hide the dislike button and dislike count.

This setting is false by default.

This setting controls whether users can post images in their comments. Setting this to true will allow users to post images in their comments using the [img]...[/img] syntax, setting this to false will cause said syntax to be treated as a normal link.

This setting is true by default.

This setting controls whether users may like each other's comments. Setting this to true will cause a like button and a like count to be shown to the user, setting this to false will hide the like button and like count.

This setting is true by default.

This setting controls whether users are allowed to login. Setting this to true will cause a "Login" button to be shown to the user, setting this to false will hide the "Login" button and the login information fields will continue to be shown.

This setting is true by default.

This setting controls whether users are allowed to reply to each other outside of HashOver over email. Setting this to true will cause the user's email address to be set as the Reply-To header of reply notification emails, setting this to false will cause the email address in the secret $noreplyEmail setting to be used instead. The admin user is always allowed to reply by email.

This setting is false by default.

This setting controls whether the configured theme CSS file is automatically added to the page. Setting this to true will cause the theme CSS file to be automatically added to the page, if it is not already present. Setting this to false will mean you will have to add the theme CSS file to the page yourself using a <link> element or by importing it into your website's existing CSS using an @import statement.

This setting is true by default.

This setting controls whether the comments RSS API is added to the page. Setting this to true will cause a link to the RSS API to be placed in the end links section and the user's web browser will be made aware of the feed, setting this to false will cause neither of these things to be done.

This setting is true by default.

Note: Web browsers have been removing support for RSS and feed readers have been decreasing in popularity over the last decade. This setting, along with the RSS API, may be removed in the future.

This setting controls how many comments are shown before they start getting collapsed, when comment collapsing is enabled.

This setting is 3 by default.

This setting controls whether the comments get collapsed. Setting this to true will cause a configurable number of comments to be shown and the rest to be hidden. A button will be added to the page that allows the user to display the collapsed comments. Setting this to false will cause all comments to be shown.

This setting is true by default.

This setting controls whether the entire HashOver interface gets collapsed. Setting this to true will hide the primary comment form, all comments, and the end links. A button will be added to the page that allows the user to display the collapsed interface. Setting this to false will cause the interface to be shown.

This setting is false by default.

This setting controls when cookies set by HashOver expire. This setting is a relative DateTime format, so cookies expire a certain number of days or months from the current date. You can use things like +24 hours, next week, next month, +1 year, among other options, or you can use session to have the cookies expire at the end of the session (when the browser closes).

This setting is next month by default.

This setting controls whether deleted comments get counted.

This setting is true by default.

This setting controls how the comments are stored. The available formats are xml, json, and sql. When using SQL you need to set the $databaseType setting in the /hashover/backend/classes/secrets.php file, where the two supported types of SQL databases are sqlite and mysql. See the Setup page for more information about setting up HashOver for use with an SQL database.

This setting is xml by default.

This setting controls how comment post dates are formatted when the Intl extension is installed. This format is in the ICU datetime format, by default the format outputs a date like "January 1, 2020". The dates are localized automatically based on the locale code in the language setting.

This setting is MMMM d, YYYY by default.

This setting controls how comment post dates are formatted. This format is in the PHP DateTime format, by default the format outputs a date like "January 1, 2020".

This setting is F j, Y by default.

This setting controls what name a user will be given if they don't enter a name when posting their comment. Since a name is not required by default.

This setting is Anonymous by default.

This setting controls the default order comments will appear in.

The available options are...

ascending

Sorts comments in the order they were posted.

descending

Sorts comments in the reverse order they were posted.

by-date

Sorts comments with the newest at the top.

by-likes

Sorts comments with the most likes at the top.

by-replies

Sorts comments with the most replies at the top.

by-discussion

Sorts comments with the most discussion at the top. This means comments with the most replies and the most replies to replies. In other words, comments with the most participation and activity are at the top.

by-popularity

Sorts comments with the most likes and the most liked replies at the top. In other words, the most popular comment threads are at the top.

by-name

Sorts comments by the commenter names in alphabetical order.

threaded-descending

Same as descending, but leaves the replies in ascending order.

threaded-by-date

Same as by-date, but leaves the replies in ascending order.

threaded-by-likes

Same as by-likes, but leaves the replies in ascending order.

threaded-by-name

Same as by-name, but leaves the replies in ascending order.

This setting is ascending by default.

This setting controls whether the page title is displayed above the primary comment form. Setting this to true will cause the text above the primary comment form to say something like " Post a comment on "Super Cool Article Title" ", setting this to false will cause this text to simply say "Post a comment".

This setting is true by default.

This setting controls the behavior of the email address field. Setting this to on will cause the field to be shown, setting this to off will cause the field to be hidden, setting this to required will cause the field to be shown and require a properly formatted email address before the user will be allowed to post their comment.

This setting is on by default.

This setting is a list of APIs to enable. The available options are rss, json, latest, all to enable all APIs, or leave the array empty to disable all APIs.

This setting is ["all"] by default.

This setting controls the position of the primary comment form. Setting this to top will cause the form to appear before the comments, setting this to bottom will cause the form to appear after the comments but before the end links.

This setting is top by default.

This setting controls which themed Gravatar default avatars to use when a user's email address doesn't have a Gravatar avatar image associated with it. For available options, please see the Gravatar documentation. The option custom is also supported, which loads the HashOver default avatar.

This setting is custom by default.

This setting controls whether the themed Gravatar default avatars are always loaded instead of each user's personal avatar image.

This setting is false by default.

This setting controls the type of avatar each comment has. The available options are image for a Gravatar avatar image, count for the comment number, or none.

This setting is image by default.

This setting controls the size of the Gravatar avatar image.

This setting is 45 by default.

This setting controls the type of images used in the interface. Use png for greatest backward compatibility, use svg for scalability. This setting is automatically set to svg on mobile devices to allow scalability, since most mobile devices support SVG.

This setting is png by default.

This setting is a list of image file extensions that will be allowed to be posted and displayed in comments using the [img]...[/img] syntax, any other file extensions will be converted to normal links.

This setting is ["jpeg", "jpg", "png", "gif"] by default.

This setting controls the language of the HashOver interface, its locale. A number of languages are currently supported, look in /hashover/backend/locales to see if your preferred language is there. This setting expects the value to be a valid locale code in a common format, like en_US, de_DE, ja_JP, etc. The auto option is also supported which will cause HashOver to try to use the current system locale.

This setting is auto by default.

This setting controls how many comments will be collected as metadata for the Latest Comments API. Changing this setting does not change the number of comments already collected, so there may be a delay in how many are shown.

This setting is 10 by default.

This setting controls whether metadata is updated when HashOver is accessed from within a local network. Setting this to true will allow metadata to be created and updated for local network requests, setting this to false will only allow metadata to be updated for remote requests.

Metadata about each page using HashOver, such as title and URL, is created or updated every time a request for comments is sent to the HashOver server backend. This is fine for production use, but it might not be desirable in development where each page URL might be different than in production. For example, the domain might be different: example.com vs. 127.0.0.1.

This setting is false by default.

This setting controls how user login is handled. Only the original login system, which uses cookies to store the user's information on their system for easy commenting after their first comment, has been implemented currently.

This setting is DefaultLogin by default.

This setting controls how email notifications are sent. Setting this to sendmail will cause HashOver to send email using the built-in email support in PHP, setting this to smtp will cause HashOver to use its own SMTP functionality to send email.

Using sendmail may cause problems with some Internet Service Providers (ISP), hosting providers, and certain server configurations. When this happens you may need to send email notifications through a remote SMTP server. See the Setup page for more information about setting up HashOver for use with an SMTP server.

This setting is sendmail by default.

This setting controls what format email notifications will be sent in. Setting this to text will cause the notification emails to be sent as plain text, setting this to html will cause the notification emails to be sent as HTML with the plain text version sent as a fallback option. Each HashOver theme should include both a text and HTML notification email template file, which can be modified to your liking.

This setting is text by default.

This setting controls whether the HashOver frontend JavaScript code will be minified. Minification is a process by which unnecessary code is removed to reduce the size of the file sent to the user, which can help save bandwidth. Setting this to true will cause HashOver to minify the frontend JavaScript code, setting this to false will cause HashOver to return the full code.

HashOver has a built-in minifier, which reduces the size of the JavaScript by removing code comments and unnecessary lines and other characters. This minifier does not obfuscate the code, and it provides a link to the full original source code as a code comment at the top of the minified output.

This setting is false by default.

This setting controls the level of minification. 1 will remove code comments. 2 will remove indentation and empty lines. 3 will remove all newlines, so the code is on a single line. 4 will remove spaces before parentheses, spaces around operators, and unnecessary semicolons. Higher levels apply the minification of all lower levels.

This setting is 1 by default.

This setting controls the behavior of the name field. Setting this to on will cause the field to be shown, setting this to off will cause the field to be hidden, setting this to required will cause the field to be shown and require a value before the user will be allowed to post their comment.

This setting is on by default.

This setting controls the behavior of the password field. Setting this to on will cause the field to be shown, setting this to off will cause the field to be hidden, setting this to required will cause the field to be shown and require a value before the user will be allowed to post their comment.

This setting is on by default.

This setting controls whether a comment requires approval when it is edited by a user. Setting this to true will cause comments to get reset to the pending status every time they are edited, setting this to false will cause approved comments to stay approved even when they are edited.

This setting is separate from but complementary to general comment moderation, the uses-moderation setting. This is because you will receive an email notification about each new comment but not about each comment edit, so you may want to moderate comment edits while not moderating all new comments.

This setting is false by default.

This setting controls how many comments are allowed to be considered popular; how many comments will appear in the "Popular Comments" section. Setting this to 0 will allow no comments to become popular.

This setting is 2 by default.

This setting controls how many net likes are needed for a comment to be considered "popular"; whether they qualify to be shown in the "Popular Comments" section. For this calculation net likes is: number of likes minus number of dislikes.

This setting is 5 by default.

This setting controls how reply comments are displayed. Setting this to thread will cause replies to be shown as a thread, where each reply always gets indented. Setting this to stream will cause the comments to be displayed with only limited, but configurable, levels of indentation. This prevents comments with many replies from becoming too narrow to read as they run out of horizontal space.

This setting is thread by default.

This setting controls whether users must be logged in to comment. Setting this to true will cause the entire interface to be hidden with a message about the login requirement being shown when a user is not logged in, setting this to false will allow users to view and post comments without being logged in first.

This is a technical setting implemented to allow very restrictive custom login methods, particularly those designed to integrate HashOver into a website's own login system to prevent people who are not logged in to the website itself from posting comments. Do not set this to true unless you have created a way for users to login to HashOver without using HashOver itself to do so.

This setting is false by default.

This setting controls whether the HashOver cookies will only be transmitted from the user over a secure HTTPS connection. Setting this to true will cause cookies to only be sent over an HTTPS connection, setting this to false will cause cookies to be sent over both HTTP and HTTPS connections.

This setting is false by default.

This setting controls whether HashOver will send notification emails and to whom. Setting this to to-admin will cause HashOver to only send notification emails to the configured notification email address, setting this to to-users will cause HashOver to only send notification emails to users when they reply to each other, setting this to to-everyone will cause HashOver to send notification emails to both admin and users, setting this to to-nobody will cause HashOver to not send notification emails at all.

This setting is to-everyone by default.

This setting controls the default timezone used by the server. By default, the server's timezone will try to be automatically detected, but if the time is incorrect you will want to set this manually. This setting expects a timezone location in a common format, like America/Los_Angeles, Europe/Berlin, or Asia/Tokyo. For a full list of available timezones see the PHP documentation.

This setting is auto by default.

This setting controls whether HashOver will set cookies. Setting this to true will cause cookies to be set for things like the name, email, and website fields. Setting this to false will prevent HashOver from setting cookies.

If you are in Europe, you might find it useful to set this to false in the settings, but set it to true from the frontend options once you have obtained permission to set cookies from the user. See the Technical page for more information about how to adjust settings from the frontend options.

This setting is true by default.

This setting controls whether the number of reply comments are shown separately from the number of normal comments. Setting this to true will cause the comment count to show the number of replies separately from the number of normal comments, for example "10 comments (25 counting replies)". Setting this to false will cause only the total number of comments to be shown, for example "25 comments".

This setting is true by default.

This setting controls which HashOver modes have IP address spam checking. HashOver has two modes, JavaScript mode and PHP mode, one or the other or both can have IP address spam checking enabled. PHP mode is more susceptible to spam attacks, but both modes can be targeted on popular websites. Setting this to javascript will enabled IP address spam checking for only JavaScript mode, setting this to php will enabled IP address spam checking for only PHP mode, setting this to both will enable IP address spam checking in both modes.

This setting is php by default.

This setting controls where to find the spam IP address database. Setting this to remote will cause HashOver to send a request to stopforumspam.com whenever a user posts a comment, to verify if their IP address is a known spammer in this database. Setting this to local will cause HashOver to check if the IP address of the user is in the local /hashover/config/spam-database.csv database.

This setting is remote by default.

This setting controls whether each user's IP address is stored along with their comment. Setting this to true will cause the user's IP address to be stored with their comment, setting this to false will cause the user's IP address to not be stored.

You should set this true if you are having a troublesome user spamming your comments, so that you can get their IP address and add it to the blocklist.

This setting is false by default.

This setting controls how many levels of indentation replies have in stream mode.

This setting is 3 by default.

This setting controls whether users are subscribed to email notifications by default. Setting this to true will cause the "Notify me of replies" checkbox to be checked by default, setting this to false will cause this checkbox to be unchecked by default.

This setting is true by default.

This setting controls whether comment threads should be separated by domain names. Setting this to true will cause each website HashOver is used on to get their own directory under /hashover/comments, with their own metadata. Setting this to false will cause all websites to be treated as one, with all threads and metadata directly under the /hashover/comments directory.

When using an SQL database, this setting only controls whether the domain column should be respected or not, it does not change the data structure.

This setting is false by default.

This setting controls the theme, specifically, it controls which theme CSS file to add to the page and which theme directory to load the HTML template from. See the admin Settings page for available themes.

This setting is default by default.

This setting controls how comment post times are formatted when the Intl extension is installed. This format is in the ICU datetime format, by default the format outputs a 12-hour time like "12:00 PM". You can use HH:mm for 24-hour time. The time is localized automatically based on the locale code in the language setting.

This setting is h:mm a by default.

This setting controls how comment post times are formatted. This format is in the PHP DateTime format, by default the format outputs a 12-hour time like "12:00 PM". You can use H:i for 24-hour time.

This setting is h:mm a by default.

This setting controls whether user deleted comments are actually deleted from storage. Setting this to true will cause the file or database row to be deleted when a user deletes their comment. Setting this to false will cause deleted comments to only be given the deleted status, which will cause the comments to appear deleted to normal users while still remaining in storage and visible to the admin user.

This setting is false by default.

This setting controls whether most actions in the JavaScript frontend are performed over asynchronous requests (AJAX). Setting this to true will cause most actions like posting or editing a comment, and loading more comments to be performed using AJAX requests, which don't require the page to be reloaded. Setting this to false will cause most actions to trigger a page reload, and may disable some functionality.

This setting is true by default.

This setting controls whether a user is automatically logged in when they post their first comment. Setting this to true will cause a user to be automatically logged in when they post their first comment, setting this to false will cause the user to remain logged out and will only be logged in when they choose to login.

This setting is true by default.

This setting controls whether reply and edit forms have cancel buttons. Setting this to true will cause cancel buttons to be shown in the reply and edit forms, setting this to false will hide the cancel buttons.

This setting is true by default.

This setting controls whether form text inputs have labels. Setting this to true will cause a label to be shown above text inputs, such as the name, password, email, website, and comment fields. Setting this to false will hide these labels.

This setting is false by default.

This setting controls whether Markdown in comments will be parsed. Setting this to true will cause Markdown in comments to be converted to HTML, setting this to false will cause Markdown to appear as-is, unprocessed.

This setting is true by default.

This setting controls whether new comments need to be approved by the admin user before they will appear to normal users. Setting this to true will cause all new comments to be given the pending status, which will cause them to appear as a pending notice for normal users until they are approved by the admin user. Setting this to false will cause all new comments to be automatically approved.

This setting is false by default.

This setting controls whether the comment post dates use a short format. Setting this to true will cause comment post dates to use a short format, like "1 day ago". Setting this to false will cause comment post dates to use the full format, as configured in the date-pattern and time-pattern or date-format and time-format settings.

This setting is true by default.

This setting controls whether the JavaScript frontend will adjust the comment post times to the user's timezone. Setting this to true will cause HashOver to adjust the comment post times to the user's timezone as calculated by the difference between the server's time and the user's local time. Setting this to false will cause the comment post times to appear in the server's timezone.

This setting is true by default.

This setting controls the behavior of the website field. Setting this to on will cause the field to be shown, setting this to off will cause the field to be hidden, setting this to required will cause the field to be shown and require a properly formatted website URL before the user will be allowed to post their comment.

This setting is on by default.