com.sap.cloud.yaas.servicesdk.springboot.web-application-default.properties Maven / Gradle / Ivy
# Some reasonable defaults for the embedded Web-Application Server.
# A YAAS service should be state-less, so we don't need any session.
# Unfortunately there is no nice way to disable container-managed sessions altogether.
# To preserve resources, we set a very short session timeout (in seconds) instead.
server.session.timeout = 1
server.session.tracking-modes =
# Server's own Error-Pages should never be reached when ErrorPagesAutoConfiguration is active.
# Nevertheless, the following configurues then in a conservative manner, to prevent information leakage.
server.error.whitelabel.enabled = false
server.error.include-stacktrace = NEVER
# A typical YaaS service does not utilize JSP technology, thus we can disable it here.
server.jsp-servlet.registered = false
# Manage default filter-order of all autoconfigured Filters centrally.
yaas.service.logging-context.filter-order = 50
yaas.service.request-id.filter-order = 60
yaas.service.cors.filter-order = 70
yaas.service.basic-auth.filter-order = 80
spring.jersey.filter.order = 90
yaas.service.api-console.filter-order = 200
yaas.service.monitoring.monitoringEnabled = false
# enable credentials support for CORS by default
yaas.service.cors.configuration.allow-credentials=true
# Disable Spring-Boot's default mappings of static resources.
# In most cases, a YaaS service does not serve any static resources.
# (Other than the ones exposed as part of it's RAML API definition, but those are taken care of separately.)
spring.resources.add-mappings = false
spring.mvc.favicon.enabled=false
# If the respective dependencies are present on the classpath, actuator endpoints can be enabled.
# By default they are all disabled for security reasons -- activate them individually as needed.
endpoints.enabled = false