Context

Currently, the default Spring Security login and logout pages are styled using Bootstrap CSS. The version we use is 4.0.0-beta, while the newer version is 5.3.x.

It is used for:

• Default styling (colors, fonts, button shapes, etc)
• Positioning (mostly centering)
• Responsiveness ("this page is usable on my phone")
• Striped tables

While Bootstrap has a lot of useful built-in features, it comes with a few drawbacks:

• It is hosted on a external CDN we do not control
• It forces an extra request on first login
• It is much, much, much larger than what is required for the features we use
• As a consequence, on lower bandwidth / flakier connections, this will significantly delay first paint

Additionally, for air-gapped scenarios (no access to the internet):

• The page may not load any style
• Users' unit tests may time out while waiting for the CSS to download

Previous discussions

This has been mentioned previously, e.g. gh-7165 and gh-11949. The takeway is:

There isn't intended to be a way to customize this behavior

However, we are not specifically attached to using Bootstrap

Proposed solution

Write the minimal CSS required to achieve the desired behavior on the pages, and inline that directly.

Closed by gh-15303