Posted to commits@ofbiz.apache.org by jl...@apache.org on 2020/04/04 16:22:37 UTC

[ofbiz-plugins] 01/02: Improved: POC for CSRF Token

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git

commit cf272a9750db86927d6f2692320fe0f4165dd0ff
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Fri Mar 27 14:43:52 2020 +0100

    Improved: POC for CSRF Token
    
    (OFBIZ-11306)
    
    There is no need to change it in common-controller because, apart from the ecommerce
    application, there are no applications that require an anonymous flow.
    It should only be changed in the ecommerce controller.
---
 ecommerce/webapp/ecommerce/WEB-INF/controller.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
index 5f7031c..d9047f4 100644
--- a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
+++ b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
@@ -1605,7 +1605,7 @@ under the License.
     </request-map>
 
     <request-map uri="getAssociatedStateList">
-        <security https="true" auth="false"/>
+        <security https="true" auth="false" csrf-token="false"/>
         <event type="service" invoke="getAssociatedStateList"/>
         <response name="success" type="request" value="json"/>
         <response name="error" type="request" value="json"/>
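
Review bot: The new csrf-token="false" on the getAssociatedStateList request-map sits next to auth="false", so this endpoint is now reachable with neither authentication nor a CSRF token, and nothing in controller.xml records why that is acceptable. The commit message gives the reason (the ecommerce anonymous flow), but a reader of the XML will not see it. Please add a short XML comment above the security element stating that the exemption exists for the anonymous ecommerce flow and that the invoked service only returns a JSON lookup and changes no state, if that is the case. It is also worth confirming that the service behind invoke="getAssociatedStateList" performs no writes, since any state change behind this mapping would be exposed to cross-site requests.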