Setting allow-reinstall-missing-host property to true on production


According to this thread, after a successful import, atlassian-connect-spring-boot apps must reject the first (unsigned) install request with HTTP 401 and accept the host on the second (signed) request. I think the only way to achieve this is to set the allow-reinstall-missing-host property to “true”, but when I do this, the following message appears in the container’s logs.

“Accepting installations signed by unknown hosts. This setting poses a security risk, and should not be used in production deployments.”

Is this message still valid? If yes, should we use something else to allow secondary (signed) install requests on production?


In my opinion, leaving allow-reinstall-missing-host in production is not safe, and I am very curious what the security team would suggest in this case. @hari what do you think?
It can be used as a temporary solution as suggested here; however, when you have many customers and they use migration tools very often, you would have to change it several times a day, and it becomes a pain :frowning:

The recommendations about this case in related posts are really unclear.
On one hand, setting the allow-reinstall-missing-host property to “true” seems to be the only solution. On the other hand, it is recommended only as a temporary solution. And there is this warning message in the logs that clearly states that this is a security risk.
So what is the permanent and safe solution?