Map of response headers other than simple headers (i.e.
Cache-Control, Content-Language,
Content-Type, Expires,
Last-Modified or Pragma) that an
actual response might have and can be exposed, based on URL patterns.
Map of how long, as a duration, the response from a pre-flight request
can be cached by clients, based on URL patterns.
Example:
cae.cors.max-age-for-url-pattern[{path\:.*}]=3m
See Javadoc for more information on CORS configuration for the CAE.
cae.cookie.force-http-only
Type
java.lang.Boolean
Default
true
Description
Whether or not to force the 'HttpOnly' attribute on all cookies.
cae.cookie.force-secure
Type
java.lang.Boolean
Default
true
Description
Whether or not to force the 'Secure' attribute on all cookies.
cae.cookie.same-site
Type
java.lang.String
Default
Description
The value of the cookie's 'SameSite' attribute. Valid values are the
ones as defined by the spec. In addition, the value 'Unset' can be
used to indicate that the attribute should not be set.
cae.csrf.ignore-paths
Type
java.util.List<java.lang.String>
Default
Description
Ant Paths to ignore for CSRF prevention.
cae.http-firewall.allow-semicolon
Type
java.lang.Boolean
Default
false
Description
Determines if semicolon is allowed in the URL (i.e. matrix variables).
cae.http-firewall.allow-url-encoded-double-slash
Type
java.lang.Boolean
Default
false
Description
Determines if a double slash (//) that is URL
encoded (%2F%2F) should be allowed in the path or
not.
cae.http-firewall.allow-url-encoded-percent
Type
java.lang.Boolean
Default
false
Description
Determines if a percent (%) that is URL encoded
(%25) should be allowed in the path or not.
cae.http-firewall.allow-url-encoded-period
Type
java.lang.Boolean
Default
false
Description
Determines if a period (.) that is URL encoded
(%2E) should be allowed in the path or not.
cae.http-firewall.allow-url-encoded-slash
Type
java.lang.Boolean
Default
false
Description
Determines if a slash (/) that is URL encoded
(%2F) should be allowed in the path or not.
cae.hashing.secret
Type
java.lang.String
Default
Description
A Secret which is used for url parameter hashing. Needs to be at least
32 characters long. If not configured a secret will be generated and
exposed via warn log on application startup. If multiple CAEs are
used, ensure to set the secret instead of trusting a generated one.
uriPaths the IncludeParamsAppendingLinkTransformer should be applied
to.
cae.link-transformer.serializer-classes
Type
java.util.List<java.lang.Class<?>>
Default
Description
A list of fully qualified class names for which a
com.fasterxml.jackson.databind.JsonSerializer should be registered for
view parameter conversion. Every class which is configured here,
should have a proper com.coremedia.id.IdScheme implementation being
registered at the com.coremedia.id.IdProvider bean.
cae.preview.metadata-enabled
Type
java.lang.Boolean
Default
false
Description
Whether to disable metadata rendering. Disabled by default.
cae.preview.pbe.include-jquery
Type
java.lang.Boolean
Default
false
Description
Configures if jquery should be included when rendering the preview
related scripts.
cae.preview.pbe.studio-url-whitelist
Type
java.util.List<java.lang.String>
Default
Description
Configures a list of valid Studio URLs. The Studio Preview integration
does only work for listed Studio instances. If left blank, any Studio
instance is considered valid.
cae.set-unknown-mime-type
Type
java.lang.Boolean
Default
false
Description
This property controls if an instance of
com.coremedia.blueprint.cae.filter.UnknownMimetypeCharacterEncodingFilter
is registered to fix unknown encoding errors in Webshere versions up
to and including 8.5.5010.20160721_0036. The
UnknownMimetypeCharacterEncoding filter will be used when
cae.set-unknown-mime-type is set to true. The default is suitable when
using Tomcat or Websphere starting from 8.5.5011.20161206_1434.
cae.single-node
Type
java.lang.Boolean
Default
false
Description
This property is used in
com.coremedia.blueprint.cae.handlers.HandlerBase#doCreateModelWithView
to control if a possibly outdated resource is served or if a redirect
is sent. The redirect is only a valid response when cae.single-node is
set to true.
cae.view.cycle-check
Type
java.lang.Boolean
Default
true
Description
Check for cyclic inclusions. You should not disable the check, unless
for some good reason, e.g.:
You use a custom ViewDispatcher, whose getView method is not
determined only by its arguments.
Your View#render implementation invokes ViewUtils#render with the
same bean + viewName, but with an other (delegate) View.
cae.view.debug-enabled
Type
java.lang.Boolean
Default
false
Description
If set to true, html comments will be written to the rendered pages
around included fragments. This is a development feature. With these
comments you can easily see which JSP, bean and view was used to
render a fragment.
cae.view.errorhandler.enabled
Type
java.lang.Boolean
Default
true
Description
Enables/disables the view exception handler.
cae.view.errorhandler.output
Type
java.lang.Boolean
Default
false
Description
If handler is enabled and set to true, exceptions will be displayed in
the current page.
cae.view.filter-lookup-by-predicate
Type
java.lang.Boolean
Default
false
Description
By convention, templates are written for bean interfaces, but views
may be named after any type. If set to true, viewlookup will only be
done for views named after interfaces, not classes, with configurable
excludes and includes. This option is turned off by default.
cae.view.max-depth
Type
java.lang.Integer
Default
200
Description
Maximum depth of inclusions.
cae.viewdispatcher.cache.enabled
Type
java.lang.Boolean
Default
true
Description
Defines if the caching of view lookups is enabled. Disabling might be
useful when developing templates. Shouldn't be disabled when in
production mode!
cae.viewdispatcher.expose-spring-macro-helpers
Type
java.lang.Boolean
Default
true
Description
Set whether to expose a RequestContext for use by Spring's macro
library, under the name "springMacroRequestContext". Default
is "true".
Currently needed for Spring's Velocity and FreeMarker default macros.
Note that this is not required for templates that
use HTML forms unless you wish to take advantage
of the Spring helper macros.
cae.viewdispatcher.fallback-to-default-view
Type
java.lang.Boolean
Default
true
Description
Fallback to default view if requested view name raises view exception.
Table 3.1. Configuration Properties with Prefix cae