Security Settings
Manage your app's Security settings in Settings > General > Security
Managing Your Knack App's Security Settings
Script Attack Protection
- This setting prevents the storage and execution of specific custom code elements that are not on the allowlist
- It helps keep your app secure and prevent input-based hacks
Allowlist
- Knack maintains a list of HTML tags, attributes, and schemes that are allowed, even when Script Attack Protection is enabled
- Any code not on this list will be sanitized and not saved
Restricted Areas
Certain areas of your app are always protected regardless of the Script Attack Protection setting:
- Account details
- Table names
- Field names
- Page elements
IP Restrictions
- You can enable this setting to only allow access to your app from specific IP addresses
- This is available on Pro and higher-tier Knack plans
Restrict API Responses
- When enabled, this option will only include the fields added to a view in the API response payloads
- This can help reduce response size and control data visibility
Secure Browser
- With this setting turned on, the app will automatically redirect users from the HTTP version to the HTTPS version
Overall, Knack provides a range of security features to help protect your app and data. The key is understanding how these settings work and configuring them appropriately for your app's needs.
Updated 24 days ago