You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ofbiz.apache.org by "Mohammed Rehan Khan (JIRA)" <ji...@apache.org> on 2016/06/10 11:27:20 UTC

[jira] [Created] (OFBIZ-7306) Delete Customer Tax Auth Info link is not working - Security Error

Mohammed Rehan Khan created OFBIZ-7306:
------------------------------------------

             Summary: Delete Customer Tax Auth Info link is not working - Security Error
                 Key: OFBIZ-7306
                 URL: https://issues.apache.org/jira/browse/OFBIZ-7306
             Project: OFBiz
          Issue Type: Sub-task
          Components: specialpurpose/ecommerce
    Affects Versions: Release Branch 15.12, Trunk, Release Branch 14.12, Release Branch 13.07
            Reporter: Mohammed Rehan Khan
            Assignee: Mohammed Rehan Khan


Steps to reproduce: 
1) Go to eCommerce
2) Click on profile tab
3) Add customer tax auth info from "Tax Identification and Exemption" section.
4) Click on delete icon.

Getting following security error:

Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [partyId] passed to secure (https) request-map with uri [deleteCustomerTaxAuthInfo] with an event that calls service [deletePartyTaxAuthInfo]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL.
  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)