Redirect browsers to https when forceSsl is set

This commit extends the forceSsl support to redirect any HTML content to https. Practically speaking, this allows to redirect all browsers to https when they land on the main page using https. Serving traffic via http is still allowed as preventing this would break a lot of existing clients. To allow to easily run the app locally, forceSsl is false and must be enabled for any production environment. Closes gh-473
2026-06-25 14:54:04 +08:00 · 2018-07-27 16:56:30 +02:00
parent 9b098a8078
commit e208a9b1f1
18 changed files with 633 additions and 26 deletions
--- a/initializr-docs/src/main/asciidoc/configuration-format.adoc
+++ b/initializr-docs/src/main/asciidoc/configuration-format.adoc
@@ -33,8 +33,9 @@ download the Spring Boot CLI distribution bundle. This is only used by the `/spr
 endpoint at the moment.
 * `springBootMetadataUrl` the URL of the resource that provides the list of available
 Spring Boot versions..
-* `forceSsl`: a boolean flag that determines if we should use `https` even when
-browsing a resource via `http`. This is _enabled_ by default.
+* `forceSsl`: a boolean flag that determines if we should redirect browser to `https` when
+browsing via `http`. Also force the use of `https` in all links. This is not enabled by
+default to ease local use case but should be enabled in production.
 * `fallbackApplicationName`: the name of the _default_ application. Application names
 are generated based on the project's name. However, some user input may result in an
 invalid identifier for a Java class name for instance.