close

Filter

loading table of contents...

Deployment Manual / Version 2406.1

Table Of Contents

3.3.1 Headless Server Spring Boot Properties

caas.bypass-filter-predicates
Default false
Description

If enabled, FilterPredicates my be ignored via request header 'X-Ignore-Filters'. If disabled, the header is ignored.

caas.cache-specs
Type Map<String,String>
Description

(Caffeine Cache) configuration: Cache specs by cache name.

Size based eviction:

  • maximumSize=[long] - eviction occurs when the configured size limit of the cache is exceeded

  • maximumWeight=[long] - The values are removed from the cache when the weight is exceeded

Time based eviction:

  • expireAfterWrite = entry is expired after period is passed since the last write occurs

  • expireAfterAccess = entry is expired after period is passed since the last read or write occurs

  • refreshAfterWrite = refresh entries after a defined period automatically

Durations are represented by an integer, followed by one of "d", "h", "m", or "s", representing days, hours, minutes, or seconds respectively.

caas.cors.allow-credentials-for-url-pattern
Type Map<String,Boolean>
Description

Map of whether user credentials are supported, based on URL patterns.

Example:

 caas.cors.allow-credentials-for-url-pattern[/**]=true 

See org.springframework.web.util.pattern.PathPattern> for the syntax of allowed path patterns.

caas.cors.allowed-headers-for-url-pattern
Type Map<String,List<String>>
Description

Map of headers that a pre-flight request can list as allowed for use during an actual request, based on URL patterns.

A header name is not required to be listed if it is one of: Cache-Control, Content-Language, Expires, Last-Modified or Pragma.

Example:

 caas.cors.allowed-headers-for-url-pattern[/**]=x-requested-with,x-csrf-token 

See org.springframework.web.util.pattern.PathPattern for the syntax of allowed path patterns.

caas.cors.allowed-methods-for-url-pattern
Type Map<String,List<String>>
Description

Map of HTTP methods to allow, based on URL patterns.

Example:

 caas.cors.allowed-methods-for-url-pattern[/**]=GET,POST,PUT 

See org.springframework.web.util.pattern.PathPattern for the syntax of allowed path patterns.

caas.cors.allowed-origins-for-url-pattern
Type Map<String,List<String>>
Description

Map of origins to allow, based on URL patterns.

Example:

 caas.cors.allowed-origins-for-url-pattern[/**]=https://domain1.com,https://domain2.com 

See org.springframework.web.util.pattern.PathPattern for the syntax of allowed path patterns.

caas.cors.disable-protection
Type Boolean
Default false
Description

Disable CORS configuration completely. Disabling CORS results effectively in an 'allow all CORS policy'.

caas.cors.exposed-headers-for-url-pattern
Type Map<String,List<String>>
Description

Map of response headers other than simple headers (i.e. Cache-Control, Content-Language, Content-Type, Expires, Last-Modified or Pragma) that an actual response might have and can be exposed, based on URL patterns.

Example:

 caas.cors.exposed-headers-for-url-pattern[/**]=x-requested-with,x-csrf-token 

See org.springframework.web.util.pattern.PathPattern for the syntax of allowed path patterns.

caas.cors.fallback.allow-credentials
Type Boolean
Default true
Description

Allow credentials flag to be used for path pattern '/**', in the case that no specific CORS configuration exists at all. @see org.springframework.web.cors.CorsConfiguration#setAllowCredentials(Boolean)

caas.cors.fallback.allowed-methods
Type List<String>
Description

The fallback allowed methods to be used for path pattern '/**', in the case that no specific CORS configuration exists at all. @see org.springframework.web.cors.CorsConfiguration#setAllowedMethods(List)

caas.cors.fallback.allowed-origin
Type String
Description

A fallback allowed origin to be used for path pattern '/**', in the case that no specific CORS configuration exists at all.

This may be used to easily configure a minimal CORS config consisting of the FQDN, which is usually set via environment variables. @see org.springframework.web.cors.CorsConfiguration#setAllowedOrigins(List)

caas.cors.max-age-for-url-pattern
Type Map<String,Duration>
Description

Map of how long, as a duration, the response from a pre-flight request can be cached by clients, based on URL patterns.

Example:

 caas.cors.max-age-for-url-pattern[/**]=3m 

See org.springframework.web.util.pattern.PathPattern for the syntax of allowed path patterns.

caas.doctype.doc-type-collection
Type String
Default CMCollection
Description

The name of the doctype for Collections.

caas.doctype.doc-type-linkable
Type String
Default CMLinkable
Description

The name of the doctype for Linkables.

caas.doctype.doc-type-location-taxonomy
Type String
Default CMLocTaxonomy
Description

The name of the doctype for Location Taxonomies.

caas.doctype.doc-type-navigation
Type String
Default CMNavigation
Description

The name of the doctype for Navigations.

caas.doctype.doc-type-picture
Type String
Default CMPicture
Description

The name of the doctype for Pictures.

caas.doctype.doc-type-taxonomy
Type String
Default CMTaxonomy
Description

The name of the doctype for Taxonomies.

caas.expose-extensions
Type Boolean
Default false
Description

Set to true to expose extensions as described by the GraphQL spec.

caas.forward-cookies
Type Boolean
Default false
Description

Enables http cookie forwarding of incoming requests on endpoint 'graphql' and for persisted queries on '/caas/v1/*' towards outgoing, secondary requests to 'graphql' (triggered by '/preview') and cae remote link resolving.

caas.forward-header-names
Type List<String>
Description

Comaseparated enumeration of http headernames to be forwarded for incoming requests on endpoint 'graphql' and for persisted queries on '/caas/v1/*' towards outgoing, secondary requests to 'graphql' (triggered by /preview) and cae remote link resolving.

caas.graphql-restmapping-controller.enabled
Deprecation

This property has been deprecated and will be removed in a future version.

Use spring.autoconfigure.exclude instead.

Reason:

The property was removed due to changes in the implementation. The rest mapping is now auto configured by 'com.coremedia.caas.web.rest.RestMappingAutoConfiguration' and is enabled by default. To disabled it, add the auto configuration class to the corresponding Spring property.

caas.graphql.expose-secrets
Type Boolean
Default false
Description

Expose encrypted values from settings in their encrypted version. Defaults for security reasons to false.

caas.graphql.introspectionEnabled
Deprecation

This property has been deprecated and will be removed in a future version.

Use spring.graphql.schema.introspection.enabled instead.

Reason:

This property was dropped and replaced by the Spring-GraphQL property. The new property is set to 'false' in headless built-in application properties for security reasons. It should be set to 'true' if necessary, e.g. in a preview environment.

caas.graphql.max-execution-timeout
Type Duration
Default 0
Description

Limits the allowed execution time for a query, set in milliseconds. 0 = no timeout.

caas.graphql.max-query-complexity
Type Integer
Default 0
Description

Limits the complexity of a graphql query if set to a value greater than 0. 0 = off.

caas.graphql.max-query-depth
Type Integer
Default 30
Description

Limits the depth of a graphql query if set to a value greater than 0. 0 = off.

caas.graphql.max-search-limit
Deprecation

This property has been deprecated and will be removed in a future version.

Use caas.search.max-search-limit instead.

caas.graphql.repository-path-exclude-patterns
Type List<String>
Default [/Settings/Options/Settings/Internal/**, /Sites/**/Options/Settings/Internal/**, /Settings/Options/Settings/Feedback Hub, /Sites/**/Options/Settings/Feedback Hub, /Settings/Options/Settings/Content Hub, /Sites/**/Options/Settings/Content Hub, /Settings/Options/Settings/GlobalLink, /Settings/Options/Settings/Translation Services, /Sites/**/Options/Settings/Translation Services, /Settings/Options/Settings/Elastic Social Credentials]
Description

Repository paths excluded from retrieval via GraphQL endpoint. The paths may contain glob style expressions. Note, that the document name must be part of the path, if you do not use glob style expressions and want to protect a distinct document.

Examples:

 caas.graphql.repository-path-exclude-patterns[0]=/A/B/C/D caas.graphql.repository-path-exclude-patterns[1]=/A/*/C/* caas.graphql.repository-path-exclude-patterns[2]=/A/B/** caas.graphql.repository-path-exclude-patterns[3]=/A/**/C/* 
caas.log-requests
Type Boolean
Default false
Description

Enables logging for HTTP requests (excluding OPTIONS)

caas.media-cache-time
Type Duration
Default 365d
Description

Maximum cache time to set in the com.coremedia.caas.web.controller.MediaController responses via the Cache-Control max-age header.

caas.media-no-transform
Type Boolean
Default true
Description

Flag to set no-transform value for Cache-Control header in the Media Controller responses

caas.media.hash-property-names
Type List<String>
Default [width, height, widthRatio, heightRatio]
Description

List of global or site specific transformation option names defined in image transformation settings whose values are to be considered to compute image hashes.

caas.preview
Type Boolean
Default false
Description

Enables preview mode

caas.querylist-search-cache-for-seconds
Deprecation

This property has been deprecated and will be removed in a future version.

Use caas.search.cache.querylist-search-cache-for-seconds instead.

caas.search.cache.querylist-search-cache-for-seconds
Type Integer
Default -1
Description

Time to cache query list search results in seconds. Set it to "-1" to deactivate the query list cache.

caas.search.cache.seconds
Type Integer
Default -1
Description

Time to cache search query results in seconds. Set it to "-1" to deactivate the search-query cache.

caas.search.enabled
Type Boolean
Default true
Description

Enable graphql search extensions.

caas.search.load-search-schema
Type Boolean
Default true
Description

Load the GraphQL search schema extensions.

caas.search.max-search-limit
Type Integer
Default 200
Description

Limit the count of search results hits. Defaults to 200.

caas.search.solr.collection
Type String
Default preview
Description

Solr collection to use for CaaS search.

caas.site-filter-config-properties.excluded-field-names
Type Collection<String>
Default [localizedVariant, localizedVariants, derivedSites]
Description

Fields to be excluded from site restrictions check.

To disable all fields (thus prohibiting all objects not belonging to the filtered site), add the config property without any field names (=empty list).

Adding additional fields requires to add the defaults as mentioned above to the config property! Defaults to "localizedVariant", "localizedVariants" and "derivedSites".

caas.solr.collection
Deprecation

This property has been deprecated and will be removed in a future version.

Use caas.search.solr.collection instead.

caas.stax.context-trace-enabled
Type Boolean
Default false
Description

When 'true', wraps ContextHandlers and OutputHandlers while parsing in order to tracelog all parsing events. This is for debugging purposes only. Defaults to false. Additionally this requires the loglevel for 'com.coremedia.caas.richtext.stax.handler.output' to be set to trace level: logging.level.com.coremedia.caas.richtext.stax.handler.output = trace

caas.stax.max-aliases-for-collections
Type Integer
Default 50
Description

Configures the maximum number of allowed yaml aliases used by snakeyaml instances while parsing rich text configurations. Defaults to 50.

caas.stax.suppress-root-tag
Type Boolean
Default true
Description

When 'false', the root tag in the string result of a rich text transformation is not suppressed. Defaults to true.

caas.strict-transport-security-header.include-subdomains
Type Boolean
Default true
Description

If true, adds the 'includeSubdomains' flag to the Strict-Transport-Security HTTP response header.

caas.strict-transport-security-header.max-age
Type Integer
Default 63072000
Description

Max-Age of the Strict-Transport-Security HTTP response header in seconds, e.g. max-age=63072000.

caas.strict-transport-security-header.preload
Type Boolean
Default false
Description

If true, adds the 'preload' flag to the Strict-Transport-Security HTTP response header.

Table 3.13. Headless Server Properties


Search Results

Table Of Contents
warning

Your Internet Explorer is no longer supported.

Please use Mozilla Firefox, Google Chrome, or Microsoft Edge.