server:
  host: "0.0.0.0"
  port: 8080
  mode: "release"
  frontend_url: ""
  trusted_proxies: []
  max_request_body_size: 268435456

run_mode: "standard"

cors:
  allowed_origins: []
  allow_credentials: true

security:
  url_allowlist:
    enabled: true
    upstream_hosts:
      - "api.openai.com"
      - "api.anthropic.com"
      - "api.kimi.com"
      - "open.bigmodel.cn"
      - "api.minimaxi.com"
      - "generativelanguage.googleapis.com"
      - "cloudcode-pa.googleapis.com"
      - "*.openai.azure.com"
    pricing_hosts:
      - "raw.githubusercontent.com"
    crs_hosts: []
    allow_private_hosts: false
    allow_insecure_http: false

  response_headers:
    enabled: true
    additional_allowed: []
    force_remove: []

  csp:
    enabled: true
    policy: "default-src 'self'; script-src 'self' __CSP_NONCE__ https://challenges.cloudflare.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https:; frame-src https://challenges.cloudflare.com; frame-ancestors 'none'; base-uri 'self'; form-action 'self'"

  proxy_probe:
    insecure_skip_verify: false

  proxy_fallback:
    allow_direct_on_error: false