Orbeon Forms
  • Getting started
  • Installation
    • Logging
    • Configuration banner
    • Docker
    • Azure
    • Tomcat
    • WildFly
    • WebSphere
    • WebLogic
    • GlassFish
    • Caches
    • Replication
    • Upgrading
  • Configuration
    • Properties
      • General
        • HTTP client
      • Form Runner
        • Detail page
          • Attachments
          • Email properties
          • PDF
          • Table of contents
        • Persistence
        • Summary page
      • Form Builder
      • XForms
    • Advanced
      • Workflows
      • Session management
      • State handling
      • Client-side error handling
      • Clustering and High Availability
      • Configuring a Form Runner eXist database
      • Creating a production WAR
      • Environments
      • JavaScript and CSS assets
      • Limiter filter
      • Run modes
      • Security
        • Content-Security-Policy header
      • SAP Hybris Module
      • XForms logging
    • Troubleshooting
      • Troubleshooting with the orbeon.log
      • Memory and threads
      • Relational database logging
      • Misc
  • Form Builder
    • Form settings
      • Time window
    • Form editor
      • Form area
      • Toolbox
      • Buttons bar
      • Control settings
      • Dependent fields and sections
      • Validation
      • Choices editor
      • Publishing
      • Cut, copy and paste
      • Section and grid settings
      • Section settings
      • Grid settings
      • Quick control search
      • Repeat settings
      • Repeated grids
      • Undo and redo
      • Keyboard shortcuts
    • Formulas
      • Examples of formulas
      • Formulas inspector
      • Formulas console
    • Summary page
    • Form localization
    • Advanced
      • Edit source
      • Services and actions
        • HTTP services
        • Database services
        • Simple Actions
        • Action Syntax
        • Action Syntax examples
        • Synchronizing repeated content
      • Testing a form in web mode
      • Testing PDF production
      • Testing offline functionality
      • Email Settings dialog
      • Field-level encryption
      • Messages
      • Section templates
      • Template syntax
      • XML Schemas support
      • Extensibility
        • Extension API
        • Integration
        • Toolbox component metadata
  • Form Runner
    • Overview
      • Terminology
    • Pages
      • Landing page
      • Published Forms page
      • Forms Admin page
      • Summary page
    • Components
      • Alert dialog
      • Attachment
      • Autocomplete
      • Captcha
      • Character counter
      • Checkbox input
      • Currency
      • Date
      • Dropdown date
      • Static and dynamic dropdown
      • Error summary
      • Grid
      • Handwritten signature
      • Hidden field
      • Image
      • Image annotation
      • Image attachment
      • Number
      • Open selection
      • Repeater
      • Formatted Text / Rich Text Editor
      • Section
      • Single-selection tree
      • Source code editor
      • Time
      • US phone
      • US state
      • Video
      • Video attachment
      • Wizard
      • XForms inspector
      • Yes/No answer
    • Features
      • Automatic calculations dependencies
      • Datasets
      • Excel and XML import
      • Excel and XML export
      • Summary page Excel Export
      • Form definitions and form data Zip Export
      • Purging historical data
      • Lease
      • Localization
      • Supported languages
      • Mobile support
      • Multitenancy
      • Form Runner navigation bar
      • PDF production
        • Automatic PDF
        • Automatic PDF header and footer configuration
        • PDF templates
      • Responsive design
      • Revision history
      • S3 storage
      • Simple data migration
      • TIFF production
      • Versioning
      • Wizard view
      • Workflow stage
    • Persistence
      • Using a relational database
      • Relational database schema
      • Purging old data using SQL
      • Auditing
      • Autosave
      • Database support
      • Flat view
    • Linking and embedding
      • Linking
      • Java Embedding API
      • JavaScript Embedding API
      • Liferay full portlet
      • Liferay proxy portlet
      • Securing Form Runner access
      • Form Runner offline embedding API
      • Angular component
      • React component
    • Access control and permissions
      • Users
      • Login & Logout
      • Deployed forms
      • Form fields
      • Editing forms
      • Owner and group member
      • Organizations
      • Scenarios
      • Token-based permissions
    • Styling
      • CSS
      • Grids CSS
      • Automatic PDF styling and CSS
    • APIs
      • Authentication of server-side service APIs
      • Persistence API
        • CRUD API
        • Search API
        • List form data attachments API
        • Form Metadata API
        • Lease API
        • Reindexing API
        • Caching
        • Versioning
        • Revision History API
        • Zip Export API
        • Custom persistence providers
      • Other APIs
        • Connection context API
        • Duplicate form data API
        • File scan API
        • Form Runner JavaScript API
        • Generate XML Schema API
        • PDF API
        • Publish form definition API
        • Run form in the background API
      • Data formats
        • Form data
        • Date and time
        • Form definition
    • Architecture and integration
      • Architecture
      • Access form data
      • Integration
    • Advanced
      • Buttons and processes
        • Simple process syntax
        • Core actions
        • Form Runner actions
          • Save action
          • Send action
          • Email action
        • XForms actions
        • Predefined buttons, processes and dialogs
        • Summary page buttons and processes
      • Custom dialogs/model logic
      • Services
      • Singleton form
      • Monitoring HTTP requests
  • XForms
    • Core
      • Attribute Value Templates (AVTs)
      • Binds
      • Validation
      • Variables
      • Keyboard focus
      • XForms JavaScript API
      • Error handling
        • Detailed behavior
      • Model-Bind variables
      • XForms 2.0 support
    • Events
      • Standard support
      • UI refresh events
      • Keyboard events
      • Extension events
      • Extension context information
      • Other event extensions
    • Actions
      • Repeat, insert and delete
      • Scripting actions
      • Extensions
    • Controls
      • Label, hint, help
      • Input
      • Output
      • Text area
      • Button
      • Upload
      • Dialog
    • Submission
      • Standard support
      • JSON support
      • Asynchronous submissions
      • Caching extension
      • Other submission extensions
    • XPath
      • Type annotations
      • Expression analysis
      • Tips
      • Compatibility
      • Standard functions
      • Maps and arrays Functions
      • Extension functions
        • Core functions
        • Utility functions
        • Model functions
        • Controls functions
        • XML functions
        • JSON functions
        • HTTP functions
        • Form Runner functions
        • Other functions
        • Deprecated functions
    • XBL components
      • FAQ
      • Guide
        • XBL Tutorial
        • Bindings
        • XForms models
        • Including content
        • Event handling
        • Conventions
        • Map XBL example
        • Learning from existing components
      • Advanced topics
        • XBL Modes
        • JavaScript companion classes
        • XBL library
        • Extensions
        • Attachment controls
    • XForms tutorial
      • Introduction
      • Installation
      • The Hello application
      • The Bookcast application
        • The basic app
        • Database access
        • Polishing the app
        • Adding a feed
    • Using XForms from Java apps
  • XML Platform
    • Page Flow Controller
      • Basics
      • XML submission
      • Navigating between pages
      • Paths and matchers
      • Other configuration elements
      • Typical combinations of page model and page view
      • Examples
      • Authorizing pages and services
    • Processors
      • URL generator
      • Request generator
      • PDF to image converter
    • Resources
      • Resource managers
      • Setting up an external resources directory
    • Other
      • Binary and text documents
  • FAQ
    • Licensing
    • PE and Dev Support
    • Form Builder and Form Runner
    • Resources and support
    • Other technical questions
  • Contributors
    • Automated tests
    • Building Orbeon Forms
    • Localizing Orbeon Forms
    • Validation functions
    • Contributor License Agreement
  • Release notes
    • Orbeon Forms 2022.1.9
    • Orbeon Forms 2024.1.1
    • Orbeon Forms 2023.1.7
    • Orbeon Forms 2024.1
    • Orbeon Forms 2023.1.6
    • Orbeon Forms 2023.1.5
    • Orbeon Forms 2021.1.11
    • Orbeon Forms 2022.1.8
    • Orbeon Forms 2023.1.4
    • Orbeon Forms 2023.1.3
    • Orbeon Forms 2023.1.2
    • Orbeon Forms 2022.1.7
    • Orbeon Forms 2023.1.1
    • Orbeon Forms 2023.1
    • Orbeon Forms 2022.1.6
    • Orbeon Forms 2021.1.10
    • Orbeon Forms 2022.1.5
    • Orbeon Forms 2021.1.9
    • Orbeon Forms 2022.1.4
    • Orbeon Forms 2022.1.3
    • Orbeon Forms 2021.1.8
    • Orbeon Forms 2022.1.2
    • Orbeon Forms 2022.1.1
    • Orbeon Forms 2022.1
    • Orbeon Forms 2021.1.7
    • Orbeon Forms 2021.1.6
    • Orbeon Forms 2021.1.5
    • Orbeon Forms 2021.1.4
    • Orbeon Forms 2021.1.3
    • Orbeon Forms 2021.1.2
    • Orbeon Forms 2021.1.1
    • Orbeon Forms 2021.1
    • Orbeon Forms 2020.1.6
    • Orbeon Forms 2019.2.4
    • Orbeon Forms 2019.1.2
    • Orbeon Forms 2018.2.5
    • Orbeon Forms 2018.1.4
    • Orbeon Forms 2020.1.5
    • Orbeon Forms 2020.1.4
    • Orbeon Forms 2020.1.3
    • Orbeon Forms 2020.1.2
    • Orbeon Forms 2019.2.3
    • Orbeon Forms 2020.1.1
    • Orbeon Forms 2020.1
    • Orbeon Forms 2019.2.2
    • Orbeon Forms 2019.2.1
    • Orbeon Forms 2019.1.1
    • Orbeon Forms 2019.2
    • Orbeon Forms 2019.1
    • Orbeon Forms 2018.2.4
  • Release history
  • Use cases
  • Product roadmap
  • Index of features
Powered by GitBook
On this page
  • Default values
  • XML entity expansion
  • URL rewriting
  • oxf.url-rewriting.service.base-uri
  • Encryption properties
  • oxf.crypto.password
  • oxf.crypto.check-password-strength
  • oxf.crypto.key-length
  • oxf.crypto.hash-algorithm
  • Global properties
  • oxf.cache.size
  • oxf.xpath.environment-variable.enabled
  • oxf.cache.xpath.size
  • Showing the Orbeon Forms version number
  • XSLT output location mode
  • HTTP Server
  • Errors and exceptions
  • Caching
  • HTTP Client
  • Epilogue and theme properties
  • oxf.epilogue.theme
  • oxf.epilogue.theme.embeddable
  • oxf.epilogue.theme.renderer
  • oxf.epilogue.theme.error
  • oxf.epilogue.use-theme
  • oxf.epilogue.output-xhtml
  • oxf.epilogue.renderer-rewrite
  • oxf.epilogue.process-svg
  • Email processor properties
  • Global SMTP host
  • Global SMTP port
  • Global SMTP username
  • Global SMTP password
  • Global SMTP encryption
  • Test SMTP host
  • Test recipient
  • Rarely used properties
  • oxf.log4j-config
  • oxf.log4j2-config
  • oxf.pipeline.processors
  • oxf.validation.processor
  • oxf.validation.user
  • sax.inspection
  1. Configuration
  2. Properties

General

PreviousPropertiesNextHTTP client

Last updated 1 month ago

Default values

For the latest default values of general properties, see .

XML entity expansion

For security reasons, Orbeon Forms disables XML external entities. Other entities are enabled, but subject to a limit. This limit is set to 100,000 entity expansions.

Orbeon Forms has a new global setting to control (internal) XML entity expansion. Previously, XML entity expansion, including character entities, was enabled but subject to a limit. Since this version, you can configure XML entity expansion. By default, for security reasons, and since entities are rarely used, this is set to 0. To restore the previous behavior, set this property to a positive number:

<property
    as="xs:integer"
    name="oxf.xml-parsing.entity-expansion-limit"
    value="0"/>

URL rewriting

oxf.url-rewriting.service.base-uri

Name

oxf.url-rewriting.service.base-uri

Purpose

specify the base URL for rewriting some internal service URLs

Type

xs:anyURI

Default Value

Empty. Rewriting is done against the incoming request.

Usually Orbeon Forms uses the host, port, and context name as seen by the browser, such as:

http://www.mycompany.com/orbeon

to infer how to reach itself when calling some service URLs (see below for which URLs apply depending on the Orbeon Forms version). But in some cases, Orbeon Forms cannot reach to itself this way and an explicit base URL must be specified with this property.

Such cases include:

  • accessing the server through different host names (like https://foo/orbeon and https://bar/orbeon reaching the same Orbeon Forms instance)

  • accessing the embedded eXist database (for demo purposes) when the request goes through a reverse proxy

When you are in such configurations, please make sure to set oxf.url-rewriting.service.base-uri to point to the local servlet container instance, for example:

<property
    as="xs:anyURI"  
    name="oxf.url-rewriting.service.base-uri"              
    value="http://localhost:8080/orbeon"/>

Orbeon Forms 4.7 and newer

Since Orbeon Forms 4.7, this property is only used for the following:

  • access to the embedded eXist database

  • access to custom services located in the Orbeon web app (there are none by default)

You don't need to set this property if:

  • you do not use the embedded eXist or custom services

  • or you use the embedded eXist database or a custom service and

    • you are running your servlet container on a local computer for testing or deployment

    • or your external server name and port are accessible from the servlet container

When things don't work out of the box, typically when the network setup contains a front-end web server and/or prevents a network connection from the servlet container to itself, setting it to the following is usually enough:

<property
    as="xs:anyURI"
    name="oxf.url-rewriting.service.base-uri"
    value="http://localhost:8080/orbeon"/>

Make sure to adjust the port and prefix as needed.

Orbeon Forms 4.6.x and earlier

Up to and including Orbeon Forms 4.6.x, this property was used for all service calls, including calls to internal services used by Form Runner and Form Builder, such as loading i18n resources and accessing the persistence implementation.

With 4.6.x and earlier, you don't need to set this property if:

  • you are running your servlet container on a local computer for testing or deployment

  • or your external server name and port are accessible from the servlet container

When things don't work out of the box, typically when the network setup contains a front-end web server and/or prevents a network connection from the servlet container to itself, setting it to the following is usually enough:

<property
    as="xs:anyURI"
    name="oxf.url-rewriting.service.base-uri"
    value="http://localhost:8080/orbeon"/>

Make sure to adjust the port and prefix as needed.

Encryption properties

oxf.crypto.password

This property is used to create a private key used for encryption. You must change the default value of the password, even though a random seed is used.

<property
  as="xs:string"
  name="oxf.crypto.password"
  value="CHANGE THIS PASSWORD"/>

As of Orbeon Forms 2021.1, this property is used for:

    • if oxf.xforms.resources.encode-version is true, which is the default

  • Hashing internal upload URLs to prevent against tampering

    • SINCE Orbeon Forms 2021.1

The following uses are considered legacy and not in use by default in Orbeon Forms anymore:

  • The $instance URL parameter encryption

  • Form static/dynamic state with client state handling encryption

NOTE: If the backwards compatibility property oxf.xforms.password is defined, then it is used first. However, it is deprecated, and we advise not using it as support might be removed in a future Orbeon Forms version.

Orbeon Forms will cause an error when starting if the default value for oxf.crypto.password is used. This is to prevent you from using the default value in production.

In addition, a password strength checker will also cause an error if the password is too weak. Ideally, use a randomly-generated strong password.

oxf.crypto.check-password-strength

This property enables or disables the password strength checker. The default is true and enables the checker.

<property
    as="xs:boolean"
    name="oxf.crypto.check-password-strength"
    value="true"/>

When this is set to true, passwords are checked upon first use for strength. This is a baseline check only. In any case, you should use strong passwords and keep them secret, especially for production use.

The following passwords are checked:

oxf.crypto.key-length

This property specifies the length of the AES encryption key. The default is 128 bits.

<property
  as="xs:integer"
  name="oxf.crypto.key-length"
  value="128"/>

oxf.crypto.hash-algorithm

This property specifies the default hash algorithm. The default is:

  • Until Orbeon Forms 2022.1.2: SHA1

  • Since Orbeon Forms 2022.1.3 and 2023.1: SHA-256

<property
  as="xs:string"
  name="oxf.crypto.hash-algorithm"
  value="SHA-256"/>

Orbeon forms uses hash algorithms in at least the following cases:

  • to encode random identifiers, such as document ids in Form Runner

  • for internal caching purposes

  • XForms

    • keys for client-side scripts

    • keys for aggregated JavaScript and CSS resources

    • keys for dynamic xf:output resources

    • HMAC for server-side uploaded files

Global properties

oxf.cache.size

Name

oxf.cache.size

Purpose

set the size of the Orbeon Forms object cache

Type

xs:integer

Default Value

1000

oxf.xpath.environment-variable.enabled

<property 
    as="xs:boolean" 
    name="oxf.xpath.environment-variable.enabled"
    value="true"/>

oxf.cache.xpath.size

Name

oxf.cache.xpath.size

Purpose

set the size of the Orbeon Forms XPath cache

Type

xs:integer

Default Value

5000

NOTE: A profiler run shows that 2000 cache entries takes, for fairly typical XPath expressions, about 5 MB of memory.

Showing the Orbeon Forms version number

[SINCE Orbeon Forms 4.6.1]

This property controls whether Orbeon Forms outputs its version number to the client web browser:

  • at the bottom of pages, in particular with Form Runner

  • in the <xh:meta name="generator" content="…"> element

  • in combined JavaScript and CSS resource files built by the XForms engine

<property
  as="xs:boolean"
  name="oxf.show-version"
  value="false"/>

Default:

  • prod mode: false

  • dev mode: true

XSLT output location mode

During development, the following XSLT transformer configuration helps with line number errors. The following values are allowed:

  • none: no XSLT output line number information provided. This is recommended for deployment.

  • dumb: minimal XSLT output line number information provided.

  • smart: maximal XSLT output line number information provided. This is recommended for development.

<property
    as="xs:string"
    processor-name="oxf:builtin-saxon"
    name="location-mode"
    value="none"/>

<property
    as="xs:string"
    processor-name="oxf:unsafe-builtin-saxon"
    name="location-mode"
    value="none"/>

Default:

  • prod mode: none

  • dev mode: smart

HTTP Server

Errors and exceptions

The following property specifies whether the server is allowed to send detailed error and exceptions messages to the browser:

<property
    as="xs:boolean"
    name="oxf.http.exceptions"
    value="false"/>

Default:

  • prod mode: exceptions are not sent to the browser

  • dev mode: exceptions are sent to the browser

Caching

Orbeon Forms allows you to control the value of the Cache-Control HTTP caching header it sets in HTTP responses. For pages, i.e. the HTML sent to the browsers for your forms, the default value allows browsers to cache the page but requires the browser to revalidate the cached content with the server. For services, like APIs provided by Form Runner, caching is disabled. You can change these defaults with the following properties.

<property as="xs:string"  name="oxf.http.page.cache-headers">
    Cache-Control: private, max-age=0; Pragma:
</property>
<property as="xs:string"  name="oxf.http.service.cache-headers">
    Cache-Control: no-store
</property>

HTTP Client

Epilogue and theme properties

oxf.epilogue.theme

Name

oxf.epilogue.theme

Purpose

specifies the theme stylesheet

Type

xs:anyURI

Default Value

oxf:/config/theme-examples.xsl

This can be overwritten for a given app by placing a file theme.xsl inside the app directory.

oxf.epilogue.theme.embeddable

Name

oxf.epilogue.theme.embeddable

Purpose

specifies the theme stylesheet to use when within a portlet or in embeddable mode

Type

xs:anyURI

Default Value

oxf:/config/theme-portlet-examples.xsl

This can be overwritten for a given app by placing a file theme-embeddable.xsl inside the app directory.

oxf.epilogue.theme.renderer

Name

oxf.epilogue.theme.renderer

Purpose

specifies the theme stylesheet to use when using the XForms filter, whether in integrated or separate deployment mode

Type

xs:anyURI

Default Value

oxf:/config/theme-plain.xsl

oxf.epilogue.theme.error

Name

oxf.epilogue.theme.error

Purpose

specifies the theme stylesheet to use on the error page

Type

xs:anyURI

Default Value

oxf:/config/theme-error.xsl

oxf.epilogue.use-theme

Name

oxf.epilogue.use-theme

Purpose

whether a theme stylesheet must be applied

Type

xs:boolean

Default Value

true

oxf.epilogue.output-xhtml

Name

oxf.epilogue.output-xhtml

Purpose

whether to output XHTML to the browser or not

Type

xs:boolean

Default Value

false

oxf.epilogue.renderer-rewrite

Name

oxf.epilogue.renderer-rewrite

Purpose

whether the XForms renderer used in separate deployment must rewrite URLs

Type

xs:boolean

Default Value

false

oxf.epilogue.process-svg

Name

oxf.epilogue.process-svg

Purpose

whether SVG content must be converted server-side to images

Type

xs:boolean

Default Value

true

Email processor properties

Global SMTP host

Configure the SMTP host for all email processors. This global property can be overridden by local processor configurations.

<property
    as="xs:string"
    processor-name="oxf:email"
    name="smtp-host"
    value="mail.example.org"/>

Global SMTP port

Configure the SMTP port for all email processors. This global property can be overridden by local processor configurations.

<property
    as="xs:string"
    processor-name="oxf:email"
    name="smtp-port"
    value="25"/>

Global SMTP username

Configure the SMTP username for all email processors. This global property can be overridden by local processor configurations.

<property
    as="xs:string"
    processor-name="oxf:email"
    name="username"
    value="john"/>

Global SMTP password

Configure the SMTP password for all email processors. This global property can be overridden by local processor configurations.

<property
    as="xs:string"
    processor-name="oxf:email"
    name="password"
    value="secret"/>

Global SMTP encryption

Configure the SMTP encryption for all email processors. This global property can be overridden by local processor configurations.

<property
    as="xs:string"
    processor-name="oxf:email"
    name="encryption"
    value="tls"/>

Test SMTP host

Configure a test SMTP host for all email processors. This global property when specified overrides all the other SMTP host configurations for all email processors, whether in the processor configuration or using the smtp-host property.

<property
    as="xs:string"
    processor-name="oxf:email"
    name="test-smtp-host"
    value="smtp.acme.org"/>

Test recipient

Configure a test recipient email address for all email processors. This global property when specified overrides all the other SMTP recipient configurations for all email processors. [SINCE Orbeon Forms 2024.1.1] If this property is specified, CC and BCC recipients are also ignored.

<property
    as="xs:string"
    processor-name="oxf:email"
    name="test-to"
    value="joe@example.org"/>

Rarely used properties

oxf.log4j-config

Name

oxf.log4j-config

Purpose

specify the location of the Log4j 1.x configuration file

Type

xs:anyURI

Default Value in Properties

oxf:/config/log4j.xml

NOTE: You don't usually need to modify this property and the default location for log4j.xml should be preserved.

oxf.log4j2-config

[SINCE Orbeon Forms 2021.1, 2020.1.6, 2019.2.4, 2019.1.2, 2018.2.5, 2018.1.4]

Name

oxf.log4j2-config

Purpose

specify the location of the Log4j 2.x configuration file

Type

xs:anyURI

Default Value in Properties

oxf:/config/log4j2.xml

NOTE: You don't usually need to modify this property and the default location for log4j2.xml should be preserved.

oxf.pipeline.processors

Name

oxf.pipeline.processors

Purpose

specify the URL of the XML file with processor definitions for the XPL pipeline engine

Type

xs:anyURI

Default Value

oxf:/processors.xml

NOTE: You don't usually need to modify this property.

oxf.validation.processor

Name

oxf.validation.processor

Purpose

control the automatic processor validation

Type

xs:boolean

Default Value

Enabled

Many processors validate their configuration input with a schema. This validation is automatic and allows meaningful error reporting. To potentially improve the performance of the application, validation can be disabled in production environments.

NOTE: It is strongly discouraged to disable validation, as validation can highly contribute to the robustness of the application.

oxf.validation.user

Name

oxf.validation.user

Purpose

control user-defined validation

Type

boolean

Default Value

Enabled

NOTE: It is strongly discouraged to disable validation, as validation can highly contribute to the robustness of the application.

sax.inspection

Name

sax.inspection

Purpose

enable inspection SAX events

Type

xs:boolean

Default Value

false

SAX is the underlying mechanism in Orbeon Forms by which processors receive and generate XML data. Given only the constraints of the SAX API, it is possible for a processor to generate an invalid sequence of SAX events. Another processor that receives that invalid sequence of events may or may not be able to deal with it without throwing an exception. Some processors try to process invalid SAX events, while others throw exceptions. This means that when a processor generating an invalid sequence of SAX events is used in a pipeline, the problem might go unnoticed, or it might cause some other processor downstream to throw an exception.

To deal more efficiently with those cases, the sax.inspection property can be set to true. When it is set to true, the pipeline engine checks the outputs of every processor at runtime and makes sure that valid SAX events are generated. When an error is detected, an exception is thrown right away, with information about the processor that generated the invalid SAX events.

There is a performance penalty for enabling SAX events inspection. So this property should not be enabled on a production system.

NOTE: You don't usually need to enable this property.

NOTE: The eXist database is removed .

for cached assets URLs

Form data encryption for the feature

The

Higher strength encryption is usually not enabled by default in the JVM. See . When higher strength encryption is available, this value can be changed to 256, for example.

Not all encryption strengths are enabled by default in the JVM. See .

Orbeon Forms uses an efficient caching system. Orbeon Forms automatically determines what can be cached and when to expire objects. This size is reasonable for most applications. A bigger cache tends to make the application faster, but it uses more memory. To tune the cache size, see the suggestions in the section.

Access to environment variables with the is disabled by default. If you wish to make this XPath function available, set the following property to true.

This property configures the maximum number of compiled XPath expressions to keep in the XPath cache. To tune the cache size, see the suggestions in the section.

The oxf.http.service.cache-headers property is new in Orbeon Forms 2024.1. The oxf.http.page.cache-headers property existed previously but was not publicly documented.

See .

This property can easily be commented out for deployment, or placed in properties-local-dev.xml (see also ).

For details about logging, see .

For details about logging, see .

User-defined validation is activated in the with the attributes schema-href and schema-uri. To potentially improve the performance of the application, validation can be disabled in production environments.

properties-base.xml
[SINCE Orbeon Forms 2023.1.1]
[SINCE Orbeon Forms 2023.1]
Field-level encryption
Upload events encryption
"Test PDF"
XForms hmac() function
[SINCE Orbeon Forms 2023.1]
[SINCE Orbeon Forms 2023.1]
oxf.fr.access-token.password
oxf.fr.field-encryption.password
Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files
Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files
Performance and Tuning
Performance and Tuning
[SINCE Orbeon Forms 2024.1]
HTTP client configuration properties
Run Modes
Logging
Logging
XML Pipeline Definition Language
oxf.crypto.password
Hashes for the metadata format
Orbeon Forms version encryption
environment-variable() function