You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by "Mohammed Rehan Khan (JIRA)" <ji...@apache.org> on 2016/06/09 12:54:21 UTC
[jira] [Updated] (OFBIZ-7270) Create New Shopping List - Security
Error
[ https://issues.apache.org/jira/browse/OFBIZ-7270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mohammed Rehan Khan updated OFBIZ-7270:
---------------------------------------
Description:
Steps to reproduce:
1) Go to eCommerce
2) Click on shopping list tab
3) Click on create new link
Getting following security error:
Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [productStoreId] passed to secure (https) request-map with uri [createEmptyShoppingList] with an event that calls service [createShoppingList]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL.
was:Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [productStoreId] passed to secure (https) request-map with uri [createEmptyShoppingList] with an event that calls service [createShoppingList]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL.
> Create New Shopping List - Security Error
> ------------------------------------------
>
> Key: OFBIZ-7270
> URL: https://issues.apache.org/jira/browse/OFBIZ-7270
> Project: OFBiz
> Issue Type: Sub-task
> Components: specialpurpose/ecommerce
> Affects Versions: Release Branch 13.07, Release Branch 14.12, Trunk, Release Branch 15.12
> Reporter: Mohammed Rehan Khan
> Assignee: Pranay Pandey
>
> Steps to reproduce:
> 1) Go to eCommerce
> 2) Click on shopping list tab
> 3) Click on create new link
> Getting following security error:
> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [productStoreId] passed to secure (https) request-map with uri [createEmptyShoppingList] with an event that calls service [createShoppingList]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)