Please enhance the documentation on how to properly enforce HTTPS on cloudfoundry...
[1] only describes some aspects when using tomcat behind a proxy and does not talk about enforcing HTTPS, and what about undertow and jetty?
It seems the only way to really enforce is to use a WebSecurityConfigurerAdapter and call http.requiresChannel().anyRequest().requiresSecure() - but this means I have to explicitly disable for local development.
edit: [1] http://docs.spring.io/spring-boot/docs/current/reference/html/howto-embedded-servlet-containers.html#howto-customize-tomcat-behind-a-proxy-server
Comment From: wilkinsona
@lmod What was [1] intended to link to?
Comment From: imod
@wilkinsona sorry! I added the link now
Comment From: wilkinsona
See also #15046.