You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ofbiz.apache.org by "Jacques Le Roux (Jira)" <ji...@apache.org> on 2020/05/04 11:44:00 UTC
[jira] [Closed] (OFBIZ-11643) CLONE - Use only HTTPS in OFBiz
[ https://issues.apache.org/jira/browse/OFBIZ-11643?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacques Le Roux closed OFBIZ-11643.
-----------------------------------
Resolution: Won't Do
Finally it's not the right way, I did good 1st time
> CLONE - Use only HTTPS in OFBiz
> -------------------------------
>
> Key: OFBIZ-11643
> URL: https://issues.apache.org/jira/browse/OFBIZ-11643
> Project: OFBiz
> Issue Type: Sub-task
> Components: ALL COMPONENTS
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Major
>
> When doing OFBIZ-6849 I forgot to take care of the https attribute of the security element used in controllers.
> It's not used anymore since we used HTTPS everywhere but in request listed in http.request-map.list property of url.properties. It's even enforced by HSTS for requests that are not listed in this property.
> So I'll remove the https attribute and remove its usage in in controllers.
> This is part of handling a security issue, so will be backported in supported branches when needed.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)