Whether or not to force the 'HttpOnly' attribute on all cookies.

Whether or not to force the 'Secure' attribute on all cookies.

The value of the cookie's 'SameSite' attribute. Valid values are the ones as defined by the spec. In addition, the value 'Unset' can be used to indicate that the attribute should not be set.

Whether or not to use the RFC6265 cookie processor.

Ant Paths to ignore for CSRF prevention.

Determines if semicolon is allowed in the URL (i.e. matrix variables).

Determines if a double slash (//) that is URL encoded (%2F%2F) should be allowed in the path or not.

Determines if a percent (%) that is URL encoded (%25) should be allowed in the path or not.

Determines if a period (.) that is URL encoded (%2E) should be allowed in the path or not.

Determines if a slash (/) that is URL encoded (%2F) should be allowed in the path or not.

A Secret which is used for url parameter hashing. It is recommended to use a secret at least 32 characters long. If not configured a secret will be generated and exposed via warn log on application startup. If multiple CAEs are used, ensure to set the secret instead of trusting a generated one.

uriPaths the IncludeParamsAppendingLinkTransformer should be applied to.

A list of fully qualified class names for which an com.fasterxml.jackson.databind.JsonSerializer should be registered for view parameter conversion. Every Class which is configured here, should have a proper com.coremedia.id.IdScheme implementation which known to the com.coremedia.id.IdProvider.

Sets the list of same origins which are listed in the ACCESS-CONTROL-ALLOW-ORIGIN HTTP header.

Whether to disable metadata rendering. Disabled by default.

Configures if jquery should be included when rendering the preview related scripts.

Configures a list of valid Studio URLs. The Studio Preview integration does only work for listed Studio instances. If left blank, any Studio instance is considered valid.

This property controls if an instance of com.coremedia.blueprint.cae.filter.UnknownMimetypeCharacterEncodingFilter is registered to fix unknown encoding errors in Webshere versions up to and including 8.5.5010.20160721_0036. The UnknownMimetypeCharacterEncoding filter will be used when cae.set-unknown-mime-type is set to true. The default is suitable when using Tomcat or Websphere starting from 8.5.5011.20161206_1434.

This property is used in com.coremedia.blueprint.cae.handlers.HandlerBase#doCreateModelWithView to control if a possibly outdated resource is served or if a redirect is sent. The redirect is only a valid response when cae.single-node is set to true.

Check for cyclic inclusions. You should not disable the check, unless for some good reason, e.g.:

If set to true, html comments will be written to the rendered pages around included fragments. This is a development feature. With these comments you can easily see which JSP, bean and view was used to render a fragment.

Enables/disables the view exception handler.

If handler is enabled and set to true, exceptions will be displayed in the current page.

By convention, templates are written for bean interfaces, but views may be named after any type. If set to true, viewlookup will only be done for views named after interfaces, not classes, with configurable excludes and includes. This option is turned off by default.

Maximum depth of inclusions.

Defines if the caching of view lookups is enabled. Disabling might be useful when developing templates. Shouldn't be disabled when in production mode!

Set whether to expose a RequestContext for use by Spring's macro library, under the name "springMacroRequestContext". Default is "true".

Currently needed for Spring's Velocity and FreeMarker default macros. Note that this is not required for templates that use HTML forms unless you wish to take advantage of the Spring helper macros.

Fallback to default view if requested view name raises view exception.