Security Considerations
Security best practices for Bovine Pages Server
Forgejo API Token
Generate a token with read-only access:
# In Forgejo web UI:
# Settings → Applications → Generate New Token
# Permissions: read:repository
Add to your config:
forgejoToken: gfo_xxxxxxxxxxxxxxxxxxxxxxxxxx
DNS Verification (Prevent Domain Hijacking)
Enable DNS verification to prevent users from claiming domains they don’t own:
enableCustomDomainDNSVerification: true
Users must add a DNS TXT record to prove ownership before their custom domain activates.