You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ofbiz.apache.org by "juning lee (Created) (JIRA)" <ji...@apache.org> on 2011/11/29 03:57:39 UTC
[jira] [Created] (OFBIZ-4596) URL parameter passed to secure
(https) request-map is not allowed for security reasons
URL parameter passed to secure (https) request-map is not allowed for security reasons
--------------------------------------------------------------------------------------
Key: OFBIZ-4596
URL: https://issues.apache.org/jira/browse/OFBIZ-4596
Project: OFBiz
Issue Type: Test
Components: product
Environment: windows 7
Reporter: juning lee
Hi,everyone~
I wrote a screen,which is made up of two forms,first one is a search form looking up a certain supplier,the second one is a list form, it shows all the products whose supplier is the choosen one,and you can modify the lastPrice by fill in the text and click the submit button next to it.
It all goes well until I done a modification and tries to page down,an error occurs and says:
"Found URL parameter [partyId] passed to secure (https) request-map with uri [updateSupplierProductBySupplier] with an event that calls service [updateSupplierProduct]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL. "
in the controller.xml I wrote this:
<request-map uri="updateSupplierProductBySupplier">
<security https="true" auth="true"/>
<event type="service" path="" invoke="updateSupplierProduct"/>
<response name="success" type="request-redirect" value="ListSupplierPriceBySupplier"><redirect-parameter name="partyId"/></response> <!-- goes back to the last page and passes partyId to the screen -->
</request-map>
I don't quite understand what to do,so would anyone be so kind to tell me what should I do to solve this?
Thx in advance~
lee 2011-11-29
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Closed] (OFBIZ-4596) URL parameter passed to secure (https)
request-map is not allowed for security reasons
Posted by "Jacques Le Roux (Closed) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/OFBIZ-4596?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacques Le Roux closed OFBIZ-4596.
----------------------------------
Resolution: Not A Problem
Assignee: Jacques Le Roux
Please don't use Jira to ask questions. Use rather user ML for such questions:
http://cwiki.apache.org/confluence/display/OFBADMIN/Mailing+Lists
> URL parameter passed to secure (https) request-map is not allowed for security reasons
> --------------------------------------------------------------------------------------
>
> Key: OFBIZ-4596
> URL: https://issues.apache.org/jira/browse/OFBIZ-4596
> Project: OFBiz
> Issue Type: Test
> Components: product
> Environment: windows 7
> Reporter: juning lee
> Assignee: Jacques Le Roux
>
> Hi,everyone~
> I wrote a screen,which is made up of two forms,first one is a search form looking up a certain supplier,the second one is a list form, it shows all the products whose supplier is the choosen one,and you can modify the lastPrice by fill in the text and click the submit button next to it.
> It all goes well until I done a modification and tries to page down,an error occurs and says:
> "Found URL parameter [partyId] passed to secure (https) request-map with uri [updateSupplierProductBySupplier] with an event that calls service [updateSupplierProduct]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL. "
> in the controller.xml I wrote this:
> <request-map uri="updateSupplierProductBySupplier">
> <security https="true" auth="true"/>
> <event type="service" path="" invoke="updateSupplierProduct"/>
> <response name="success" type="request-redirect" value="ListSupplierPriceBySupplier"><redirect-parameter name="partyId"/></response> <!-- goes back to the last page and passes partyId to the screen -->
> </request-map>
> I don't quite understand what to do,so would anyone be so kind to tell me what should I do to solve this?
> Thx in advance~
> lee 2011-11-29
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira