You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@ofbiz.apache.org by "Jacques Le Roux (Jira)" <ji...@apache.org> on 2020/05/04 11:44:00 UTC

[jira] [Closed] (OFBIZ-11643) CLONE - Use only HTTPS in OFBiz

     [ https://issues.apache.org/jira/browse/OFBIZ-11643?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux closed OFBIZ-11643.
-----------------------------------
    Resolution: Won't Do

Finally it's not the right way, I did good 1st time

> CLONE - Use only HTTPS in OFBiz
> -------------------------------
>
>                 Key: OFBIZ-11643
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-11643
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: ALL COMPONENTS
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Major
>
> When doing OFBIZ-6849 I forgot to take care of the https attribute of the security element used in controllers.
> It's not used anymore since we used HTTPS everywhere but in request listed in http.request-map.list property of url.properties. It's even enforced by HSTS for requests that are not listed in this property.
> So I'll remove the https attribute and remove its usage in in controllers.
> This is part of handling a security issue, so will be backported in supported branches when needed.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)