update demo with new security settings

docker/docker-burpui/assets/config/burp-ui/burpui.cfg

@@ -26,6 +26,12 @@ auth: basic
 # list misc/acl directory to see the available backends
 # default is no ACL
 acl: basic
+# You can change the prefix if you are behind a reverse-proxy under a custom
+# root path. For example: /burpui
+# You can also configure your reverse-proxy to announce the prefix through the
+# 'X-Script-Name' header. In this case, the bellow prefix will be ignored in
+# favour of the one announced by your reverse-proxy
+prefix: none
 
 [UI]
 # refresh interval of the pages in seconds
@@ -39,8 +45,26 @@ liverefresh: 5
 storage: redis
 # redis server to connect to
 redis: demo-redis:6379
-# whether to use secure cookie or not
+
+[Security]
+## This section contains some security options. Make sure you understand the
+## security implications before changing these.
+# list of 'root' paths allowed when sourcing files in the configuration.
+# Set this to 'none' if you don't want any restrictions, keeping in mind this
+# can lead to accessing sensible files. Defaults to '/etc/burp'.
+# Note: you can have several paths separated by comas.
+# Example: /etc/burp,/etc/burp.d
+includes: /etc/burp
+# remember_cookie duration in days
+cookietime: 14
+# whether to use a secure cookie for https or not. If set to false, cookies
+# won't have the 'secure' flag.
+# This setting is only useful when HTTPS is detected
 scookie: true
+# application secret to secure cookies. If you don't set anything, the default
+# value is 'random' which will generate a new secret after every restart of your
+# application. You can also set it to 'none' although this is not recommended.
+appsecret: random
 
 ## burp1 backend specific options
 #[Burp1]