Posted to commits@ofbiz.apache.org by jl...@apache.org on 2020/04/27 16:30:11 UTC
[ofbiz-plugins] 03/03: Reverted: Revert "Adds the meta CSRF token for Ajax"
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git
commit a64dea4ffe38c70849a457aa755a496ef0a21b5e
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Mon Apr 27 18:30:03 2020 +0200
Reverted: Revert "Adds the meta CSRF token for Ajax"
This reverts commit 11250f22d8dac1df399f04918ba90f89acfa8c6b.
Revert "Improved: POC for CSRF Token"
This reverts commit d52374422ebab680461d50a9f1d8dd81611bdaef.
I forgot that I committed these changes in ecommerce w/o committing in framework
---
ecommerce/template/includes/HeaderHead.ftl | 5 -----
ecommerce/webapp/ecommerce/WEB-INF/controller.xml | 2 +-
2 files changed, 1 insertion(+), 6 deletions(-)
diff --git a/ecommerce/template/includes/HeaderHead.ftl b/ecommerce/template/includes/HeaderHead.ftl
index 96da9d5..7400674 100644
--- a/ecommerce/template/includes/HeaderHead.ftl
+++ b/ecommerce/template/includes/HeaderHead.ftl
@@ -25,11 +25,6 @@ under the License.
<head>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
- <#assign csrfDefenseStrategy = Static["org.apache.ofbiz.entity.util.EntityUtilProperties"].getPropertyValue("security", "csrf.defense.strategy", delegator)>
- <#if csrfDefenseStrategy != "org.apache.ofbiz.security.NoCsrfDefenseStrategy">
- <meta name="csrf-token" content="<@csrfTokenAjax/>"/>
- </#if>
-
<title><#if title?has_content>${title}<#elseif titleProperty?has_content>${uiLabelMap.get(titleProperty)}</#if>
: ${(productStore.storeName)!}
</title>
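Review bot: The commit message should say explicitly that release18.12 carries no framework-side CSRF support, because in HeaderHead.ftl the removal of the `<meta name="csrf-token" content="<@csrfTokenAjax/>"/>` block otherwise reads as dropping a protection rather than backing out a template change whose `csrfTokenAjax` macro and `csrf.defense.strategy` property have no counterpart on this branch. The message names two reverted commits under one title, so it would also help to state which of the two touched this file. Before merging, search the ecommerce plugin's JavaScript on this branch for readers of the `csrf-token` meta tag, since any Ajax code that expects it will now find nothing.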
diff --git a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
index 30d4efc..40943b9 100644
--- a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
+++ b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
@@ -1605,7 +1605,7 @@ under the License.
</request-map>
<request-map uri="getAssociatedStateList">
- <security https="true" auth="false" csrf-token="false"/>
+ <security https="true" auth="false"/>
<event type="service" invoke="getAssociatedStateList"/>
<response name="success" type="request" value="json"/>
<response name="error" type="request" value="json"/>
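Review bot: In controller.xml, the `getAssociatedStateList` request-map goes from an explicit `csrf-token="false"` to no setting at all, so its behaviour now depends on whatever default the framework on this branch applies, and the commit message does not say what that default is. Since the entry is also `auth="false"` and returns JSON, please confirm that the release18.12 framework does not recognise the `csrf-token` attribute (which would make this removal a pure cleanup) and note that in the message. If a later backport brings the CSRF framework changes to this branch, this line will need the explicit opt-out restored or the endpoint reviewed, so a short comment or a ticket reference here would keep that from being missed.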