Deployment Manual / Version 2406.1
Table Of Contents
caas.bypass-filter-predicates
| |
Default | false |
Description |
If enabled, FilterPredicates my be ignored via request header 'X-Ignore-Filters'. If disabled, the header is ignored. |
caas.cache-specs
| |
Type |
Map<String,String>
|
Description |
(Caffeine Cache) configuration: Cache specs by cache name. Size based eviction:
Time based eviction:
Durations are represented by an integer, followed by one of "d", "h", "m", or "s", representing days, hours, minutes, or seconds respectively. |
caas.cors.allow-credentials-for-url-pattern
| |
Type |
Map<String,Boolean>
|
Description |
Map of whether user credentials are supported, based on URL patterns. Example: caas.cors.allow-credentials-for-url-pattern[/**]=true See org.springframework.web.util.pattern.PathPattern> for the syntax of allowed path patterns. |
caas.cors.allowed-headers-for-url-pattern
| |
Type |
Map<String,List<String>>
|
Description |
Map of headers that a pre-flight request can list as allowed for use during an actual request, based on URL patterns. A header name is not required to be listed if it is one of: Cache-Control, Content-Language, Expires, Last-Modified or Pragma. Example: caas.cors.allowed-headers-for-url-pattern[/**]=x-requested-with,x-csrf-token See org.springframework.web.util.pattern.PathPattern for the syntax of allowed path patterns. |
caas.cors.allowed-methods-for-url-pattern
| |
Type |
Map<String,List<String>>
|
Description |
Map of HTTP methods to allow, based on URL patterns. Example: caas.cors.allowed-methods-for-url-pattern[/**]=GET,POST,PUT See org.springframework.web.util.pattern.PathPattern for the syntax of allowed path patterns. |
caas.cors.allowed-origins-for-url-pattern
| |
Type |
Map<String,List<String>>
|
Description |
Map of origins to allow, based on URL patterns. Example: caas.cors.allowed-origins-for-url-pattern[/**]=https://domain1.com,https://domain2.com See org.springframework.web.util.pattern.PathPattern for the syntax of allowed path patterns. |
caas.cors.disable-protection
| |
Type |
Boolean
|
Default | false |
Description |
Disable CORS configuration completely. Disabling CORS results effectively in an 'allow all CORS policy'. |
caas.cors.exposed-headers-for-url-pattern
| |
Type |
Map<String,List<String>>
|
Description |
Map of response headers other than simple headers (i.e. Cache-Control, Content-Language, Content-Type, Expires, Last-Modified or Pragma) that an actual response might have and can be exposed, based on URL patterns. Example: caas.cors.exposed-headers-for-url-pattern[/**]=x-requested-with,x-csrf-token See org.springframework.web.util.pattern.PathPattern for the syntax of allowed path patterns. |
caas.cors.fallback.allow-credentials
| |
Type |
Boolean
|
Default | true |
Description |
Allow credentials flag to be used for path pattern '/**', in the case that no specific CORS configuration exists at all. @see org.springframework.web.cors.CorsConfiguration#setAllowCredentials(Boolean) |
caas.cors.fallback.allowed-methods
| |
Type |
List<String>
|
Description |
The fallback allowed methods to be used for path pattern '/**', in the case that no specific CORS configuration exists at all. @see org.springframework.web.cors.CorsConfiguration#setAllowedMethods(List) |
caas.cors.fallback.allowed-origin
| |
Type |
String
|
Description |
A fallback allowed origin to be used for path pattern '/**', in the case that no specific CORS configuration exists at all. This may be used to easily configure a minimal CORS config consisting of the FQDN, which is usually set via environment variables. @see org.springframework.web.cors.CorsConfiguration#setAllowedOrigins(List) |
caas.cors.max-age-for-url-pattern
| |
Type |
Map<String,Duration>
|
Description |
Map of how long, as a duration, the response from a pre-flight request can be cached by clients, based on URL patterns. Example: caas.cors.max-age-for-url-pattern[/**]=3m See org.springframework.web.util.pattern.PathPattern for the syntax of allowed path patterns. |
caas.doctype.doc-type-collection
| |
Type |
String
|
Default | CMCollection |
Description |
The name of the doctype for Collections. |
caas.doctype.doc-type-linkable
| |
Type |
String
|
Default | CMLinkable |
Description |
The name of the doctype for Linkables. |
caas.doctype.doc-type-location-taxonomy
| |
Type |
String
|
Default | CMLocTaxonomy |
Description |
The name of the doctype for Location Taxonomies. |
caas.doctype.doc-type-navigation
| |
Type |
String
|
Default | CMNavigation |
Description |
The name of the doctype for Navigations. |
caas.doctype.doc-type-picture
| |
Type |
String
|
Default | CMPicture |
Description |
The name of the doctype for Pictures. |
caas.doctype.doc-type-taxonomy
| |
Type |
String
|
Default | CMTaxonomy |
Description |
The name of the doctype for Taxonomies. |
caas.expose-extensions
| |
Type |
Boolean
|
Default | false |
Description |
Set to true to expose extensions as described by the GraphQL spec. |
caas.forward-cookies
| |
Type |
Boolean
|
Default | false |
Description |
Enables http cookie forwarding of incoming requests on endpoint 'graphql' and for persisted queries on '/caas/v1/*' towards outgoing, secondary requests to 'graphql' (triggered by '/preview') and cae remote link resolving. |
caas.forward-header-names
| |
Type |
List<String>
|
Description |
Comaseparated enumeration of http headernames to be forwarded for incoming requests on endpoint 'graphql' and for persisted queries on '/caas/v1/*' towards outgoing, secondary requests to 'graphql' (triggered by /preview) and cae remote link resolving. |
caas.graphql-restmapping-controller.enabled
| |
Deprecation |
This property has been deprecated and will be removed in a future version.
Use Reason: The property was removed due to changes in the implementation. The rest mapping is now auto configured by 'com.coremedia.caas.web.rest.RestMappingAutoConfiguration' and is enabled by default. To disabled it, add the auto configuration class to the corresponding Spring property. |
caas.graphql.expose-secrets
| |
Type |
Boolean
|
Default | false |
Description |
Expose encrypted values from settings in their encrypted version. Defaults for security reasons to false. |
caas.graphql.introspectionEnabled
| |
Deprecation |
This property has been deprecated and will be removed in a future version.
Use Reason: This property was dropped and replaced by the Spring-GraphQL property. The new property is set to 'false' in headless built-in application properties for security reasons. It should be set to 'true' if necessary, e.g. in a preview environment. |
caas.graphql.max-execution-timeout
| |
Type |
Duration
|
Default | 0 |
Description |
Limits the allowed execution time for a query, set in milliseconds. 0 = no timeout. |
caas.graphql.max-query-complexity
| |
Type |
Integer
|
Default | 0 |
Description |
Limits the complexity of a graphql query if set to a value greater than 0. 0 = off. |
caas.graphql.max-query-depth
| |
Type |
Integer
|
Default | 30 |
Description |
Limits the depth of a graphql query if set to a value greater than 0. 0 = off. |
caas.graphql.max-search-limit
| |
Deprecation |
This property has been deprecated and will be removed in a future version.
Use |
caas.graphql.repository-path-exclude-patterns
| |
Type |
List<String>
|
Default | [/Settings/Options/Settings/Internal/**, /Sites/**/Options/Settings/Internal/**, /Settings/Options/Settings/Feedback Hub, /Sites/**/Options/Settings/Feedback Hub, /Settings/Options/Settings/Content Hub, /Sites/**/Options/Settings/Content Hub, /Settings/Options/Settings/GlobalLink, /Settings/Options/Settings/Translation Services, /Sites/**/Options/Settings/Translation Services, /Settings/Options/Settings/Elastic Social Credentials] |
Description |
Repository paths excluded from retrieval via GraphQL endpoint. The paths may contain glob style expressions. Note, that the document name must be part of the path, if you do not use glob style expressions and want to protect a distinct document. Examples: caas.graphql.repository-path-exclude-patterns[0]=/A/B/C/D caas.graphql.repository-path-exclude-patterns[1]=/A/*/C/* caas.graphql.repository-path-exclude-patterns[2]=/A/B/** caas.graphql.repository-path-exclude-patterns[3]=/A/**/C/* |
caas.log-requests
| |
Type |
Boolean
|
Default | false |
Description |
Enables logging for HTTP requests (excluding OPTIONS) |
caas.media-cache-time
| |
Type |
Duration
|
Default | 365d |
Description |
Maximum cache time to set in the com.coremedia.caas.web.controller.MediaController responses via the Cache-Control max-age header. |
caas.media-no-transform
| |
Type |
Boolean
|
Default | true |
Description |
Flag to set no-transform value for Cache-Control header in the Media Controller responses |
caas.media.hash-property-names
| |
Type |
List<String>
|
Default | [width, height, widthRatio, heightRatio] |
Description |
List of global or site specific transformation option names defined in image transformation settings whose values are to be considered to compute image hashes. |
caas.preview
| |
Type |
Boolean
|
Default | false |
Description |
Enables preview mode |
caas.querylist-search-cache-for-seconds
| |
Deprecation |
This property has been deprecated and will be removed in a future version.
Use |
caas.search.cache.querylist-search-cache-for-seconds
| |
Type |
Integer
|
Default | -1 |
Description |
Time to cache query list search results in seconds. Set it to "-1" to deactivate the query list cache. |
caas.search.cache.seconds
| |
Type |
Integer
|
Default | -1 |
Description |
Time to cache search query results in seconds. Set it to "-1" to deactivate the search-query cache. |
caas.search.enabled
| |
Type |
Boolean
|
Default | true |
Description |
Enable graphql search extensions. |
caas.search.load-search-schema
| |
Type |
Boolean
|
Default | true |
Description |
Load the GraphQL search schema extensions. |
caas.search.max-search-limit
| |
Type |
Integer
|
Default | 200 |
Description |
Limit the count of search results hits. Defaults to 200. |
caas.search.solr.collection
| |
Type |
String
|
Default | preview |
Description |
Solr collection to use for CaaS search. |
caas.site-filter-config-properties.excluded-field-names
| |
Type |
Collection<String>
|
Default | [localizedVariant, localizedVariants, derivedSites] |
Description |
Fields to be excluded from site restrictions check. To disable all fields (thus prohibiting all objects not belonging to the filtered site), add the config property without any field names (=empty list). Adding additional fields requires to add the defaults as mentioned above to the config property! Defaults to "localizedVariant", "localizedVariants" and "derivedSites". |
caas.solr.collection
| |
Deprecation |
This property has been deprecated and will be removed in a future version.
Use |
caas.stax.context-trace-enabled
| |
Type |
Boolean
|
Default | false |
Description |
When 'true', wraps ContextHandlers and OutputHandlers while parsing in order to tracelog all parsing events. This is for debugging purposes only. Defaults to false. Additionally this requires the loglevel for 'com.coremedia.caas.richtext.stax.handler.output' to be set to trace level: logging.level.com.coremedia.caas.richtext.stax.handler.output = trace |
caas.stax.max-aliases-for-collections
| |
Type |
Integer
|
Default | 50 |
Description |
Configures the maximum number of allowed yaml aliases used by snakeyaml instances while parsing rich text configurations. Defaults to 50. |
caas.stax.suppress-root-tag
| |
Type |
Boolean
|
Default | true |
Description |
When 'false', the root tag in the string result of a rich text transformation is not suppressed. Defaults to true. |
caas.strict-transport-security-header.include-subdomains
| |
Type |
Boolean
|
Default | true |
Description |
If true, adds the 'includeSubdomains' flag to the Strict-Transport-Security HTTP response header. |
caas.strict-transport-security-header.max-age
| |
Type |
Integer
|
Default | 63072000 |
Description |
Max-Age of the Strict-Transport-Security HTTP response header in seconds, e.g. max-age=63072000. |
caas.strict-transport-security-header.preload
| |
Type |
Boolean
|
Default | false |
Description |
If true, adds the 'preload' flag to the Strict-Transport-Security HTTP response header. |
Table 3.13. Headless Server Properties