Posted to commits@ofbiz.apache.org by jl...@apache.org on 2020/04/27 16:30:08 UTC

[ofbiz-plugins] branch release18.12 updated (fcbb750 -> a64dea4)

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a change to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git.


    from fcbb750  Fixed: Product Images not rendering on One Page Checkout (OFBIZ-11400)
     new d523744  Improved: POC for CSRF Token
     new 11250f2  Adds the meta CSRF token for Ajax
     new a64dea4  Reverted: Revert "Adds the meta CSRF token for Ajax"

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:


[ofbiz-plugins] 02/03: Adds the meta CSRF token for Ajax

Posted by jl...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git

commit 11250f22d8dac1df399f04918ba90f89acfa8c6b
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Sat Mar 28 09:54:12 2020 +0100

    Adds the meta CSRF token for Ajax
---
 ecommerce/template/includes/HeaderHead.ftl | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ecommerce/template/includes/HeaderHead.ftl b/ecommerce/template/includes/HeaderHead.ftl
index 7400674..96da9d5 100644
--- a/ecommerce/template/includes/HeaderHead.ftl
+++ b/ecommerce/template/includes/HeaderHead.ftl
@@ -25,6 +25,11 @@ under the License.
 <head>
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+  <#assign csrfDefenseStrategy = Static["org.apache.ofbiz.entity.util.EntityUtilProperties"].getPropertyValue("security", "csrf.defense.strategy", delegator)>
+  <#if csrfDefenseStrategy != "org.apache.ofbiz.security.NoCsrfDefenseStrategy">
+    <meta name="csrf-token" content="<@csrfTokenAjax/>"/>
+  </#if>
+  
   <title><#if title?has_content>${title}<#elseif titleProperty?has_content>${uiLabelMap.get(titleProperty)}</#if>
     : ${(productStore.storeName)!}
   </title>
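Review bot: the `<@csrfTokenAjax/>` macro invoked on the new `<meta name="csrf-token">` line is neither defined nor imported in this hunk, so the template only renders against a framework that already provides it; the revert later in this batch says the framework side was not committed, which confirms the dependency should be checked before this lands on release18.12. Two smaller points: the guard compares `csrfDefenseStrategy` against the literal class name `org.apache.ofbiz.security.NoCsrfDefenseStrategy` and does not say what should happen when the `csrf.defense.strategy` property is unset (a `?has_content` check before the comparison would make that explicit), and the added blank line carries trailing whitespace.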


[ofbiz-plugins] 01/03: Improved: POC for CSRF Token

Posted by jl...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git

commit d52374422ebab680461d50a9f1d8dd81611bdaef
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Fri Mar 27 14:43:52 2020 +0100

    Improved: POC for CSRF Token
    
    (OFBIZ-11306)
    
    There is no need to change it in common-controller because, apart from the ecommerce
    application, there are no applications that require an anonymous flow.
    It should only be changed in the ecommerce controller.
---
 ecommerce/webapp/ecommerce/WEB-INF/controller.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
index 40943b9..30d4efc 100644
--- a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
+++ b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
@@ -1605,7 +1605,7 @@ under the License.
     </request-map>
 
     <request-map uri="getAssociatedStateList">
-        <security https="true" auth="false"/>
+        <security https="true" auth="false" csrf-token="false"/>
         <event type="service" invoke="getAssociatedStateList"/>
         <response name="success" type="request" value="json"/>
         <response name="error" type="request" value="json"/>
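Review bot: `csrf-token="false"` switches off the token check for a request-map that is already `auth="false"`, so anyone can call `getAssociatedStateList` without a token; that is defensible only because the event is a lookup that returns JSON, and the reason belongs in an XML comment next to the attribute so the exemption is not copied to state-changing anonymous requests (the commit message's point that only the ecommerce controller needs an anonymous flow is exactly what should be recorded in the file). Also confirm that the `csrf-token` attribute is accepted by the controller schema on this branch before relying on it.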


[ofbiz-plugins] 03/03: Reverted: Revert "Adds the meta CSRF token for Ajax"

Posted by jl...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release18.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git

commit a64dea4ffe38c70849a457aa755a496ef0a21b5e
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Mon Apr 27 18:30:03 2020 +0200

    Reverted: Revert "Adds the meta CSRF token for Ajax"
    
    This reverts commit 11250f22d8dac1df399f04918ba90f89acfa8c6b.
    
    Revert "Improved: POC for CSRF Token"
    
    This reverts commit d52374422ebab680461d50a9f1d8dd81611bdaef.
    
    I forgot that I committed these changes in ecommerce w/o committing in framework
---
 ecommerce/template/includes/HeaderHead.ftl        | 5 -----
 ecommerce/webapp/ecommerce/WEB-INF/controller.xml | 2 +-
 2 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/ecommerce/template/includes/HeaderHead.ftl b/ecommerce/template/includes/HeaderHead.ftl
index 96da9d5..7400674 100644
--- a/ecommerce/template/includes/HeaderHead.ftl
+++ b/ecommerce/template/includes/HeaderHead.ftl
@@ -25,11 +25,6 @@ under the License.
 <head>
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
-  <#assign csrfDefenseStrategy = Static["org.apache.ofbiz.entity.util.EntityUtilProperties"].getPropertyValue("security", "csrf.defense.strategy", delegator)>
-  <#if csrfDefenseStrategy != "org.apache.ofbiz.security.NoCsrfDefenseStrategy">
-    <meta name="csrf-token" content="<@csrfTokenAjax/>"/>
-  </#if>
-  
   <title><#if title?has_content>${title}<#elseif titleProperty?has_content>${uiLabelMap.get(titleProperty)}</#if>
     : ${(productStore.storeName)!}
   </title>
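Review bot: this hunk restores HeaderHead.ftl to index 7400674, exactly the state before 11250f2, so no partial change is left behind; the consequence is that the ecommerce `<head>` on release18.12 again has no `csrf-token` meta element, and any Ajax caller that expects it has nothing to send until the framework change and this template are committed together. Reference OFBIZ-11306 when re-applying so the pair can be tracked.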
diff --git a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
index 30d4efc..40943b9 100644
--- a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
+++ b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
@@ -1605,7 +1605,7 @@ under the License.
     </request-map>
 
     <request-map uri="getAssociatedStateList">
-        <security https="true" auth="false" csrf-token="false"/>
+        <security https="true" auth="false"/>
         <event type="service" invoke="getAssociatedStateList"/>
         <response name="success" type="request" value="json"/>
         <response name="error" type="request" value="json"/>
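Review bot: removing `csrf-token="false"` puts `getAssociatedStateList` back under whatever default the framework applies to anonymous JSON requests; since the revert message says the framework side was never committed on this branch, the attribute was either rejected by the controller schema or silently ignored there, so reverting it is the right call. When it is re-applied together with the framework change, the request-map should carry a comment explaining why the token check is disabled for this anonymous lookup.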