You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Some of those (server.error.include-*) impact HTTP responses (either HTML or JSON) returned to the user which I find to be a bit controversial. IMO, something like Dev Tools shouldn't have impact to an application in functional way, which changing responses sort of is. I'd rather see such information being logged instead of returned in responses.
The similar case could be made for enabling H2 console, which most of the time also requires configuring security in order to be accessible.
Additionally, it might be worth considering to also provide more information about which exact properties were enabled. At the moment, only this is logged on startup.
2022-01-14 22:22:17.289 INFO 186000 --- [ restartedMain] .e.DevToolsPropertyDefaultsPostProcessor : Devtools property defaults active! Set 'spring.devtools.add-properties' to 'false' to disable
Since the list might change over time, it might be a good idea to log exact properties that were set.
The text was updated successfully, but these errors were encountered:
We discussed this issue today and we'd like to extend our documentation to list the properties that are set. We think we can do this by extracting them to a .properties file that we can also use to generate and .adoc file. We think this might be better than logging the properties since there's quite a few of them and it could get annoying.
We think that the server.error.* and spring.h2.console.enabled properties still make sense to have in a "developer only" setup. They're generally useful and we think they're worth setting by default.
At the moment Dev Tools are configuring the following properties:
spring-boot/spring-boot-project/spring-boot-devtools/src/main/java/org/springframework/boot/devtools/env/DevToolsPropertyDefaultsPostProcessor.java
Lines 63 to 78 in fe82098
Some of those (
server.error.include-*
) impact HTTP responses (either HTML or JSON) returned to the user which I find to be a bit controversial. IMO, something like Dev Tools shouldn't have impact to an application in functional way, which changing responses sort of is. I'd rather see such information being logged instead of returned in responses.The similar case could be made for enabling H2 console, which most of the time also requires configuring security in order to be accessible.
Additionally, it might be worth considering to also provide more information about which exact properties were enabled. At the moment, only this is logged on startup.
Since the list might change over time, it might be a good idea to log exact properties that were set.
The text was updated successfully, but these errors were encountered: