diff --git a/config/config.example.yml b/config/config.example.yml
index 632ef09a9b..52f8be20f0 100644
--- a/config/config.example.yml
+++ b/config/config.example.yml
@@ -19,14 +19,9 @@ ui:
 
 # Angular Server Side Rendering (SSR) settings
 ssr:
- # A boolean flag indicating whether the SSR configuration is enabled
- # Defaults to true.
- enabled: boolean;
-
 # Enable request performance profiling data collection and printing the results in the server console.
- # Defaults to false.
- enablePerformanceProfiler: boolean;
-
+ # Defaults to false. Enabling in production is NOT recommended
+ enablePerformanceProfiler: false
 # Whether to tell Angular to inline "critical" styles into the server-side rendered HTML.
 # Determining which styles are critical is a relatively expensive operation; this option is
 # disabled (false) by default to boost server performance at the expense of loading smoothness.
@@ -43,19 +38,16 @@ ssr:
 # If set to true the component will be included in the HTML returned from the server side rendering.
 # If set to false the component will not be included in the HTML returned from the server side rendering.
 enableBrowseComponent: false
-
 # Enable state transfer from the server-side application to the client-side application.
 # Defaults to true.
 # Note: When using an external application cache layer, it's recommended not to transfer the state to avoid caching it.
 # Disabling it ensures that dynamic state information is not inadvertently cached, which can improve security and
 # ensure that users always use the most up-to-date state.
- transferState: boolean;
-
+ transferState: true
 # When a different REST base URL is used for the server-side application, the generated state contains references to
- # REST resources with the internal URL configured, so it is not transferred to the client application, by default.
- # Enabling this setting transfers the state to the client application and replaces internal URLs with the public
- # URLs used by the client application.
- replaceRestUrl: boolean;
+ # REST resources with the internal URL configured. By default, these internal URLs are replaced with public URLs.
+ # Disable this setting to avoid URL replacement during SSR. In this the state is not transferred to avoid security issues.
+ replaceRestUrl: true
 
 # The REST API server settings
 # NOTE: these settings define which (publicly available) REST API to use. They are usually
diff --git a/src/config/server-config.interface.ts b/src/config/server-config.interface.ts
index cdf23cd146..ad9fa0868a 100644
--- a/src/config/server-config.interface.ts
+++ b/src/config/server-config.interface.ts
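Review bot: The new `replaceRestUrl` comment in config/config.example.yml ends with "In this the state is not transferred to avoid security issues", which drops a word and never says what the issue is. The sentence before it establishes that the server-side state holds references to the internal REST URL, so presumably the concern is that transferring unreplaced state would disclose that internal URL to browsers; I would say so, e.g. `# Disable this setting to skip URL replacement during SSR. In that case the state is not transferred, so internal REST URLs are not sent to the client.` The same sentence is added to the `replaceRestUrl` doc comment in src/config/ssr-config.interface.ts and should be changed with it. Since `transferState: true` sits just above, it is also worth one clause stating that a disabled `replaceRestUrl` takes precedence over it when the two base URLs differ, if that is the intended behaviour.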
@@ -7,5 +7,7 @@ export class ServerConfig implements Config {
 public nameSpace: string;
 public baseUrl?: string;
 public ssrBaseUrl?: string;
+ // This boolean will be automatically set on server startup based on whether "baseUrl" and "ssrBaseUrl"
+ // have different values.
 public hasSsrBaseUrl?: boolean;
 }
diff --git a/src/config/ssr-config.interface.ts b/src/config/ssr-config.interface.ts
index c9c5f8882b..2ce626b47b 100644
--- a/src/config/ssr-config.interface.ts
+++ b/src/config/ssr-config.interface.ts
@@ -33,9 +33,8 @@ export interface SSRConfig extends Config {
 
 /**
 * When a different REST base URL is used for the server-side application, the generated state contains references to
- * REST resources with the internal URL configured, so it is not transferred to the client application, by default.
- * Enabling this setting transfers the state to the client application and replaces internal URLs with the public
- * URLs used by the client application.
+ * REST resources with the internal URL configured. By default, these internal URLs are replaced with public URLs.
+ * Disable this setting to avoid URL replacement during SSR. In this the state is not transferred to avoid security issues.
 */
 replaceRestUrl: boolean;
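Review bot: The comment added above `hasSsrBaseUrl` in src/config/server-config.interface.ts is a `//` line comment, while the SSRConfig interface in this same change documents its fields with `/** … */` blocks; a doc block would show up in editor hovers and keep the two config types consistent. Because the field stays `public` and optional, the comment should also say what happens to a value supplied in the config file; presumably it is overwritten at startup, but that code is not in this diff, and a hand-set value that disagreed with the real URLs could plausibly affect whether internal REST URLs are treated as needing replacement. Something like `/** Set automatically on server startup: true when "baseUrl" and "ssrBaseUrl" differ; a value given in the config file is ignored. */` would cover it, once the override behaviour is confirmed. The ServerConfig class body starts above this hunk.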