Security Settings
Manage your app's Security settings in Settings > General > Security
Managing Your Knack App's Security Settings
Script Attack Protection
- This setting prevents the storage and execution of specific custom code elements that are not on the allowlist
- It helps keep your app secure and prevent input-based hacks
Allowlist
- Knack maintains a list of HTML tags, attributes, and schemes that are allowed, even when Script Attack Protection is enabled
- Any code not on this list will be sanitized and not saved
Restricted Areas
Certain areas of your app are always protected regardless of the Script Attack Protection setting:
- Account details
- Table names
- Field names
- Page elements
IP Restrictions
- You can enable this setting to allow access to your app only from specific IP addresses
- This is available on Pro and higher-tier Knack plans
Restrict API Responses
- When enabled, this option limits API response payloads to the fields added to a view
- This can help reduce response size and control data visibility
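One way to check that this setting is doing what you expect is to compare the field keys in a captured API response against the fields you placed in the view. The following is an added example, not Knack's own code. The payload shape (a `records` array whose keys look like `field_N` and `field_N_raw`, plus `id`), the function names, and all sample values are assumptions constructed for illustration.

```javascript
// Added example: audit a view-based API response for fields outside the view.
// Assumed payload shape (not stated on this page):
//   { records: [ { id, field_N, field_N_raw, ... } ] }

// Keys treated as record metadata rather than field data (assumption).
const METADATA_KEYS = new Set(["id"]);

// Map "field_12_raw" -> "field_12" so raw and formatted values count as one field.
function baseFieldKey(key) {
  return key.replace(/_raw$/, "");
}

// Return, per record, the field keys that are not among the fields placed in the view.
function findUnexpectedFields(payload, viewFieldKeys) {
  const allowed = new Set(viewFieldKeys);
  const findings = [];
  for (const record of payload.records || []) {
    const extra = new Set();
    for (const key of Object.keys(record)) {
      if (METADATA_KEYS.has(key)) continue;
      const base = baseFieldKey(key);
      if (!allowed.has(base)) extra.add(base);
    }
    if (extra.size > 0) {
      findings.push({ recordId: record.id, unexpected: [...extra].sort() });
    }
  }
  return findings;
}

// Constructed sample: a view that shows only a name (field_1) and a city (field_2).
const VIEW_FIELDS = ["field_1", "field_2"];

// Constructed response carrying a field that is not in the view (field_7).
const unrestricted = { records: [
  { id: "rec-001", field_1: "Ada", field_1_raw: "Ada", field_2: "Leeds",
    field_7: "ada@example.com", field_7_raw: { email: "ada@example.com" } },
] };

// Constructed response carrying only the view's fields.
const restricted = { records: [
  { id: "rec-001", field_1: "Ada", field_1_raw: "Ada", field_2: "Leeds" },
] };

console.log(JSON.stringify(findUnexpectedFields(unrestricted, VIEW_FIELDS)));
console.log(JSON.stringify(findUnexpectedFields(restricted, VIEW_FIELDS)));
```

An empty result for every view your app exposes through the API means no field outside the view is reaching clients.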
Secure Browser
- With this setting turned on, the app will automatically redirect users from the HTTP version to the HTTPS version
Overall, Knack provides a range of security features to help protect your app and data. The key is understanding how these settings work and configuring them appropriately for your app's needs.