Release Notes / Version 10.2107
Table Of ContentsRemoved SettingsServiceFilter
Removed class
com.coremedia.blueprint.cae.settings.SettingsServiceFilter
. Either use the settings service Spring bean or use the FreeMarker settings functions instead.
(CMS-10328)
Made CAE SameSite Cookie strategy configurable
The config options prefixed
cae.cookie
control the CAE's behavior when sending cookies. It is now possible to configure the value of the
SameSite
attribute and whether or not to force all cookies to
Secure
and
HttpOnly
. By default the same site strategy is
None
and cookies are forced to
Secure
and
HttpOnly
.
(CMS-18595)
cae.hashing.secret changed from max length 32 to min length 32
The secret 'cae.hashing.secret' configured in CaeSecretConfigurationProperties, which is used for URL parameter hashing changed from max length 32 to min length 32.
(CMS-18518)
Single and bulk resource patterns and TTLs for cache control in live CAE have been fixed
The single resources pattern for the cache control configuration in live CAE didn't have any effect because of too many escape characters in the pattern. This has now been fixed. Furthermore, the bulk resource pattern has been improved to not mix up with the single resource pattern, and both cache TTL values for these pattern have been increased to 365 days. Please be aware that with this AMP release the cache control TTLs might change, if you use the default settings.
(CMS-18368)
Removed the JSP settings taglib functions
Removed JSP settings functions
bp:setting
and
bp::settingWithDefault
. Use model beans accessing the settings service instead.
(CMS-16974)
Reworked CORS configuration / replaced livecontext.crossdomain.whitelist
The configuration of CORS (Cross-Origin Resource Sharing) for the CAE has been reworked. It is now configured using the
cae.cors.\*
configuration properties (see public API). The properties
cae.preview.crossdomain-whitelist
and
livecontext.crossdomain.whitelist
have been removed. They are replaced by cae.cors.allowed-origins-for-url-pattern\
{path:.*}
.
Follow Section, “Reworked CORS configuration / replaced livecontext.crossdomain.whitelist” for upgrade information.
(CMS-16714)