Posted to commits@ofbiz.apache.org by jl...@apache.org on 2020/04/04 16:22:37 UTC
[ofbiz-plugins] 01/02: Improved: POC for CSRF Token
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git
commit cf272a9750db86927d6f2692320fe0f4165dd0ff
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Fri Mar 27 14:43:52 2020 +0100
Improved: POC for CSRF Token
(OFBIZ-11306)
There is no need to change it in common-controller because, apart from the ecommerce
application, there are no applications that require an anonymous flow.
It should only be changed in the ecommerce controller.
---
ecommerce/webapp/ecommerce/WEB-INF/controller.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
index 5f7031c..d9047f4 100644
--- a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
+++ b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
@@ -1605,7 +1605,7 @@ under the License.
</request-map>
<request-map uri="getAssociatedStateList">
- <security https="true" auth="false"/>
+ <security https="true" auth="false" csrf-token="false"/>
<event type="service" invoke="getAssociatedStateList"/>
<response name="success" type="request" value="json"/>
<response name="error" type="request" value="json"/>
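Review bot: the new `csrf-token="false"` on the `<security>` element of `getAssociatedStateList` has no comment in controller.xml saying why this request-map is exempt, and it sits next to `auth="false"`, so the request is reachable with neither a session login nor a token. Please add a short XML comment above the `<security>` line stating that the exemption exists for the anonymous ecommerce flow (as the commit message says) and that it is only acceptable while the `getAssociatedStateList` service event stays a read-only lookup that returns JSON. If the event ever gains a side effect, the attribute should be dropped again. It would also help to note in the commit message whether any other anonymous request-maps in this controller need the same treatment, since only this one is touched here.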