
Web

Common/Shared code for Spring Boot Web applications.

Contents

Cookie Safety

Stores and tracks whether cookies should carry the Secure flag.

Default implementation: Uses the value from server.servlet.session.cookie.secure.

Login Url Store

Stores the login URL, if one is set.

Defaults to /login.

Usage example

public class MainLayout {
  @Autowired
  protected LoginUrlStore loginUrlStore;

  void initUI() {
    Anchor anchorLogin = new Anchor(
          this.loginUrlStore.getLoginUrl(),
          new Button("Login"));
    // ...
  }
}

HSTS

Configures HSTS, automatically picked up by sidecars for configuration.

Spring Boot has HSTS enabled by default, which means that it always checks whether a request is secure. If the request is determined to be secure, it injects an HSTS header. This is unnecessary, as HSTS is nearly always handled by the upstream reverse proxy that also handles certificates.

The default implementation therefore disables HSTS when

  • it was explicitly disabled in the config
  • no SSL configuration is present
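
The rule above, sketched as a Spring Security configuration. This is an added example, not this library's own code: the class name, the `example.web.hsts.enabled` property and the `shouldEmitHsts` helper are hypothetical, and it assumes that either condition on its own is enough to turn HSTS off.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class HstsExampleConfig {

  // Hypothetical property for the explicit opt-out (not this library's key).
  static final String HSTS_ENABLED_PROPERTY = "example.web.hsts.enabled";

  /**
   * HSTS stays on only when it was not disabled explicitly AND the
   * application itself terminates TLS (an SSL configuration is present).
   */
  static boolean shouldEmitHsts(Environment env) {
    boolean explicitlyDisabled =
        !env.getProperty(HSTS_ENABLED_PROPERTY, Boolean.class, true);

    // server.ssl.enabled defaults to true, but TLS is only active once a
    // key store, SSL bundle or PEM certificate is actually configured.
    boolean sslEnabled = env.getProperty("server.ssl.enabled", Boolean.class, true);
    boolean sslConfigured = sslEnabled
        && (env.containsProperty("server.ssl.key-store")
            || env.containsProperty("server.ssl.bundle")
            || env.containsProperty("server.ssl.certificate"));

    return !explicitlyDisabled && sslConfigured;
  }

  @Bean
  SecurityFilterChain securityFilterChain(HttpSecurity http, Environment env)
      throws Exception {
    if (!shouldEmitHsts(env)) {
      // TLS is terminated upstream: the reverse proxy is expected to send
      // Strict-Transport-Security, so the application does not add its own.
      http.headers(headers ->
          headers.httpStrictTransportSecurity(hsts -> hsts.disable()));
    }
    return http.build();
  }
}
```

With HSTS switched off in the application, check that responses leaving the reverse proxy still carry a `Strict-Transport-Security` header, since nothing behind the proxy will add it.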