remove anyway broken "http" (Spring Boot) profile (fixes alfio-event#514

)
vorburger · Oct 4, 2018 · 41dcd4f · 41dcd4f
1 parent 1225de5
commit 41dcd4f
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 15 deletions.
diff --git a/README.md b/README.md
@@ -166,7 +166,6 @@ It will expire the 02/07/23 (as https://www.apple.com/certificateauthority/).
 
  - dev: enable dev mode
  - debug-csp: add report-uri and log csp violations
- - http: enable if behind proxy or the call chain is not full https
  - spring-boot: added when launched by spring-boot
  - demo: enable demo mode, the accounts for the admin will be created on the fly
  - disable-jobs: disable jobs

diff --git a/src/main/java/alfio/config/Initializer.java b/src/main/java/alfio/config/Initializer.java
@@ -41,7 +41,6 @@ public class Initializer extends AbstractAnnotationConfigDispatcherServletInitia
     public static final String PROFILE_INTEGRATION_TEST = "integration-test";
     public static final String PROFILE_DEBUG_CSP = "debug-csp";
     public static final String PROFILE_LIVE = "!dev";
-    static final String PROFILE_HTTP = "http";
     static final String PROFILE_SPRING_BOOT = "spring-boot";
     public static final String PROFILE_DEMO = "demo";
     public static final String PROFILE_DISABLE_JOBS = "disable-jobs";
@@ -76,9 +75,6 @@ protected WebApplicationContext createRootApplicationContext() {
         ConfigurableWebApplicationContext ctx = ((ConfigurableWebApplicationContext) super.createRootApplicationContext());
         Objects.requireNonNull(ctx, "Something really bad is happening...");
         ConfigurableEnvironment environment = ctx.getEnvironment();
-        if(environment.acceptsProfiles(PROFILE_DEV)) {
-            environment.addActiveProfile(PROFILE_HTTP);
-        }
         this.environment = environment;
         return ctx;
     }
@@ -90,13 +86,10 @@ private void configureSessionCookie(ServletContext servletContext) {
 
         Validate.notNull(environment, "environment cannot be null!");
         // set secure cookie only if current environment doesn't strictly need HTTP
-        config.setSecure(!environment.acceptsProfiles(PROFILE_HTTP));
-        //
-
+        config.setSecure(true);
 
         // FIXME and CHECKME what a mess, ouch: https://issues.jboss.org/browse/WFLY-3448 ?
         config.setPath(servletContext.getContextPath() + "/");
-        //
     }
 
     @Override

diff --git a/src/main/java/alfio/config/SpringBootInitializer.java b/src/main/java/alfio/config/SpringBootInitializer.java
@@ -57,14 +57,10 @@ public class SpringBootInitializer {
     public ServletContextInitializer servletContextInitializer() {
         return servletContext -> {
             WebApplicationContext ctx = getRequiredWebApplicationContext(servletContext);
-            ConfigurableEnvironment environment = ctx.getBean(ConfigurableEnvironment.class);
-            if(environment.acceptsProfiles(Initializer.PROFILE_DEV)) {
-                environment.addActiveProfile(Initializer.PROFILE_HTTP);
-            }
             SessionCookieConfig config = servletContext.getSessionCookieConfig();
             config.setHttpOnly(true);
-            config.setSecure(!environment.acceptsProfiles(Initializer.PROFILE_HTTP));
-            //force log initialization, then disable it
+            config.setSecure(true);
+            // force log initialization, then disable it
             XRLog.setLevel(XRLog.EXCEPTION, Level.WARNING);
             XRLog.setLoggingEnabled(false);
         };