framework/webapp/config/requestHandler.properties
###############################################################################
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
###############################################################################
# -- N if you want to use external requests, see OFBIZ-5037
throwRequestHandlerExceptionOnMissingLocalRequest=Y
# -- Default HTTP status-code, see OFBIZ-5109
status-code=301
# -- Default Content-Disposition type
# attachment might be replaced by inline if you prefer to offer this option to your users.
# attachment is supposed to be more secure, but this is a bit unclear see OFBIZ-6702 for details
content-disposition-type=attachment
# -- Should we use strict-transport-security? True by default.
# Use false if you don't have a certificate or not a signed one and it annoys you to set "none" for each HTTP request!
#strict-transport-security=false
# -- Should we show the sessionId in log? False (ie N) by default.
show-sessionId-in-log=N
# If true, sends the Strict-Transport-Security HTTP header to browsers by default
# (https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security)
# SCIPIO: 2018-07-10: Now true by default.
strict-transport-security=true
# SCIPIO: When the controller redirects HTTP to HTTPS, determines the format of the redirect link produced. Values:
# * incoming-url: Uses part of the incoming original request URL, but changing the protocol, host and port.
# The port is taken from static configuration (url.properties or WebSite), others from HTTP headers.
# * incoming-url-statichost: Same as incoming-url, but the host is taken from static configuration (url.properties
# or WebSite) instead of HTTP headers.
# * ofbiz-url: Generates a new URL from scratch based on the target controller request URI (i.e., based on @pageUrl)
# NOTE: None of these options guarantee preserving the public-facing URL format when behind a load balancer such as nginx;
# there is typically a need for local URL rewriting (urlrewritefilter.xml) and static configuration files (url.properties,
# WebSite records, etc.) together with HTTP headers from the frontend (X-Forwarded-Proto, etc.).
# Added 2018-07-18.
secure-redirect-url-format=incoming-url
# SCIPIO: Controller config factory; can switch this for old vs new behavior.
# ResolvedConfigController should be faster in production.
controller.config.factoryClass=org.ofbiz.webapp.control.ConfigXMLReader$ResolvedControllerConfig$Factory
#controller.config.factoryClass=org.ofbiz.webapp.control.ConfigXMLReader$ControllerConfig$Factory
# SCIPIO: 2.1.0: Set log level to log _LAST_VIEW_PARAMS_ and other session attribute serialization issues
session.unserializable.logLevel=off