Profile-based sets of beans
Many cloud-based platforms use proxies wrapped around applications. This enables the platform to support many features, including caching, content delivery networks (CDN), load balancing, and SSL termination. After all, why put such common infrastructure requirements on developers?
However, the side effect can break security protocols designed to protect us on the web. For example, our application may be running on a private IP address, while original requests come in on a public-facing URL. When our application sees a forwarded web request, how are we to distinguish between a proper request and some nefarious cross-site scripting attack leveraging our service?
The first place this can affect our application is the chat service's WebSocket handling. It requires explicit configuration to handle such a hop. However, we only want such an adjustment in our code to apply when we are in production, not when running things in development on our workstation.
The solution...
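One way to gate the WebSocket origin adjustment on a profile, as an added example that is not code from the original text. It assumes the servlet-stack `spring-websocket` module, a profile named `production`, a hypothetical `chat.public-origin` property, and a hypothetical `/app/chat` endpoint with a stand-in echo handler.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.web.socket.TextMessage;
import org.springframework.web.socket.WebSocketHandler;
import org.springframework.web.socket.WebSocketSession;
import org.springframework.web.socket.config.annotation.EnableWebSocket;
import org.springframework.web.socket.config.annotation.WebSocketConfigurer;
import org.springframework.web.socket.handler.TextWebSocketHandler;

@Configuration
@EnableWebSocket
public class ChatWebSocketConfig {

    // Hypothetical stand-in for the chat service's handler: echoes each message.
    @Bean
    WebSocketHandler chatHandler() {
        return new TextWebSocketHandler() {
            @Override
            protected void handleTextMessage(WebSocketSession session, TextMessage message)
                    throws Exception {
                session.sendMessage(message);
            }
        };
    }

    // Production only: the proxy forwards requests whose Origin is the public URL,
    // which may not match the private host the app runs on, so allow exactly that
    // origin. chat.public-origin is a hypothetical property; with no default,
    // startup fails if it is missing rather than falling back to a wildcard.
    @Bean
    @Profile("production")
    WebSocketConfigurer proxiedChatEndpoint(WebSocketHandler chatHandler,
            @Value("${chat.public-origin}") String publicOrigin) {
        return registry -> registry.addHandler(chatHandler, "/app/chat")
                .setAllowedOrigins(publicOrigin);
    }

    // Every other profile (e.g. a workstation): keep Spring's default, which
    // accepts only same-origin handshakes.
    @Bean
    @Profile("!production")
    WebSocketConfigurer localChatEndpoint(WebSocketHandler chatHandler) {
        return registry -> registry.addHandler(chatHandler, "/app/chat");
    }
}
```

Starting the application with `spring.profiles.active=production` selects the first configurer; any other profile set selects the second, so exactly one registration of the endpoint is active at a time.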