According to this thread, after a successful import,
atlassian-connect-spring-boot apps must reject the first (unsigned) install request with HTTP 401 and accept the host on the second (signed) request. I think the only way to achieve this is to set
allow-reinstall-missing-host property to “true” but when I do this, the following message appears in the container’s logs.
“Accepting installations signed by unknown hosts. This setting poses a security risk, and should not be used in production deployments.”
Is this message still valid? If yes, should we use something else to allow secondary (signed) install requests on production?