close

Filter

loading table of contents...

Deployment Manual / Version 2307

Table Of Contents

3.1.1 General CAE Properties

cae.cors.allow-credentials-for-url-pattern
Type java.util.Map<java.lang.String,java.lang.Boolean>
Default  
Description

Map of whether user credentials are supported, based on URL patterns.

Example:

 cae.cors.allow-credentials-for-url-pattern[{path\:.*}]=true 

See Javadoc for more information on CORS configuration for the CAE.

cae.cors.allowed-headers-for-url-pattern
Type java.util.Map<java.lang.String,java.util.List<java.lang.String>>
Default  
Description

Map of headers that a pre-flight request can list as allowed for use during an actual request, based on URL patterns.

A header name is not required to be listed if it is one of: Cache-Control, Content-Language, Expires, Last-Modified or Pragma.

Example:

 cae.cors.allowed-headers-for-url-pattern[{path\:.*}]=x-requested-with,x-csrf-token 

See Javadoc for more information on CORS configuration for the CAE.

cae.cors.allowed-methods-for-url-pattern
Type java.util.Map<java.lang.String,java.util.List<java.lang.String>>
Default  
Description

Map of HTTP methods to allow, based on URL patterns.

Example:

 cae.cors.allowed-methods-for-url-pattern[{path\:.*}]=GET,POST,PUT 

See Javadoc for more information on CORS configuration for the CAE.

cae.cors.allowed-origins-for-url-pattern
Type java.util.Map<java.lang.String,java.util.List<java.lang.String>>
Default  
Description

Map of origins to allow, based on URL patterns.

Example:

 cae.cors.allowed-origins-for-url-pattern[{path\:.*}]=https://domain1.com,https://domain2.com 

In the preview CAE, this property may e.g. be configured with the Studio host in order to allow AJAX requests from the Studio to the CAE.

See Javadoc for more information on CORS configuration for the CAE.

cae.cors.exposed-headers-for-url-pattern
Type java.util.Map<java.lang.String,java.util.List<java.lang.String>>
Default  
Description

Map of response headers other than simple headers (i.e. Cache-Control, Content-Language, Content-Type, Expires, Last-Modified or Pragma) that an actual response might have and can be exposed, based on URL patterns.

Example:

 cae.cors.exposed-headers-for-url-pattern[{path\:.*}]=x-requested-with,x-csrf-token 

See Javadoc for more information on CORS configuration for the CAE.

cae.cors.max-age-for-url-pattern
Type java.util.Map<java.lang.String,java.time.Duration>
Default  
Description

Map of how long, as a duration, the response from a pre-flight request can be cached by clients, based on URL patterns.

Example:

 cae.cors.max-age-for-url-pattern[{path\:.*}]=3m 

See Javadoc for more information on CORS configuration for the CAE.

cae.cookie.force-http-only
Type java.lang.Boolean
Default true
Description

Whether or not to force the 'HttpOnly' attribute on all cookies.

cae.cookie.force-secure
Type java.lang.Boolean
Default true
Description

Whether or not to force the 'Secure' attribute on all cookies.

cae.cookie.same-site
Type java.lang.String
Default  
Description

The value of the cookie's 'SameSite' attribute. Valid values are the ones as defined by the spec. In addition, the value 'Unset' can be used to indicate that the attribute should not be set.

cae.cookie.use-rfc6265
Type java.lang.Boolean
Default false
Description

Whether or not to use the RFC6265 cookie processor.

cae.csrf.ignore-paths
Type java.util.List<java.lang.String>
Default  
Description

Ant Paths to ignore for CSRF prevention.

cae.http-firewall.allow-semicolon
Type java.lang.Boolean
Default false
Description

Determines if semicolon is allowed in the URL (i.e. matrix variables).

cae.http-firewall.allow-url-encoded-double-slash
Type java.lang.Boolean
Default false
Description

Determines if a double slash (//) that is URL encoded (%2F%2F) should be allowed in the path or not.

cae.http-firewall.allow-url-encoded-percent
Type java.lang.Boolean
Default false
Description

Determines if a percent (%) that is URL encoded (%25) should be allowed in the path or not.

cae.http-firewall.allow-url-encoded-period
Type java.lang.Boolean
Default false
Description

Determines if a period (.) that is URL encoded (%2E) should be allowed in the path or not.

cae.http-firewall.allow-url-encoded-slash
Type java.lang.Boolean
Default false
Description

Determines if a slash (/) that is URL encoded (%2F) should be allowed in the path or not.

cae.hashing.secret
Type java.lang.String
Default  
Description

A Secret which is used for url parameter hashing. Needs to be at least 32 characters long. If not configured a secret will be generated and exposed via warn log on application startup. If multiple CAEs are used, ensure to set the secret instead of trusting a generated one.

cae.link-transformer.include-params-appender.uri-paths
Type java.util.List<java.lang.String>
Default /servlet/dynamic/
Description

uriPaths the IncludeParamsAppendingLinkTransformer should be applied to.

cae.link-transformer.serializer-classes
Type java.util.List<java.lang.Class<?>>
Default  
Description

A list of fully qualified class names for which a com.fasterxml.jackson.databind.JsonSerializer should be registered for view parameter conversion. Every class which is configured here, should have a proper com.coremedia.id.IdScheme implementation being registered at the com.coremedia.id.IdProvider bean.

cae.preview.metadata-enabled
Type java.lang.Boolean
Default false
Description

Whether to disable metadata rendering. Disabled by default.

cae.preview.pbe.include-jquery
Type java.lang.Boolean
Default false
Description

Configures if jquery should be included when rendering the preview related scripts.

cae.preview.pbe.studio-url-whitelist
Type java.util.List<java.lang.String>
Default  
Description

Configures a list of valid Studio URLs. The Studio Preview integration does only work for listed Studio instances. If left blank, any Studio instance is considered valid.

cae.set-unknown-mime-type
Type java.lang.Boolean
Default false
Description

This property controls if an instance of com.coremedia.blueprint.cae.filter.UnknownMimetypeCharacterEncodingFilter is registered to fix unknown encoding errors in Webshere versions up to and including 8.5.5010.20160721_0036. The UnknownMimetypeCharacterEncoding filter will be used when cae.set-unknown-mime-type is set to true. The default is suitable when using Tomcat or Websphere starting from 8.5.5011.20161206_1434.

cae.single-node
Type java.lang.Boolean
Default false
Description

This property is used in com.coremedia.blueprint.cae.handlers.HandlerBase#doCreateModelWithView to control if a possibly outdated resource is served or if a redirect is sent. The redirect is only a valid response when cae.single-node is set to true.

cae.view.cycle-check
Type java.lang.Boolean
Default true
Description

Check for cyclic inclusions. You should not disable the check, unless for some good reason, e.g.:

  • You use a custom ViewDispatcher, whose getView method is not determined only by its arguments.

  • Your View#render implementation invokes ViewUtils#render with the same bean + viewName, but with an other (delegate) View.

cae.view.debug-enabled
Type java.lang.Boolean
Default false
Description

If set to true, html comments will be written to the rendered pages around included fragments. This is a development feature. With these comments you can easily see which JSP, bean and view was used to render a fragment.

cae.view.errorhandler.enabled
Type java.lang.Boolean
Default true
Description

Enables/disables the view exception handler.

cae.view.errorhandler.output
Type java.lang.Boolean
Default false
Description

If handler is enabled and set to true, exceptions will be displayed in the current page.

cae.view.filter-lookup-by-predicate
Type java.lang.Boolean
Default false
Description

By convention, templates are written for bean interfaces, but views may be named after any type. If set to true, viewlookup will only be done for views named after interfaces, not classes, with configurable excludes and includes. This option is turned off by default.

cae.view.max-depth
Type java.lang.Integer
Default 200
Description

Maximum depth of inclusions.

cae.viewdispatcher.cache.enabled
Type java.lang.Boolean
Default true
Description

Defines if the caching of view lookups is enabled. Disabling might be useful when developing templates. Shouldn't be disabled when in production mode!

cae.viewdispatcher.expose-spring-macro-helpers
Type java.lang.Boolean
Default true
Description

Set whether to expose a RequestContext for use by Spring's macro library, under the name "springMacroRequestContext". Default is "true".

Currently needed for Spring's Velocity and FreeMarker default macros. Note that this is not required for templates that use HTML forms unless you wish to take advantage of the Spring helper macros.

cae.viewdispatcher.fallback-to-default-view
Type java.lang.Boolean
Default true
Description

Fallback to default view if requested view name raises view exception.

Table 3.1. Configuration Properties with Prefix cae


Search Results

Table Of Contents
warning

Your Internet Explorer is no longer supported.

Please use Mozilla Firefox, Google Chrome, or Microsoft Edge.