Posted to commits@ofbiz.apache.org by jl...@apache.org on 2020/04/06 10:12:39 UTC
[ofbiz-framework] branch trunk updated: Fixed: POC for CSRF Token
(OFBIZ-11306)
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new 5c534a9 Fixed: POC for CSRF Token (OFBIZ-11306)
5c534a9 is described below
commit 5c534a9f9824c5bac1c8312a8d50063ca8b5e766
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Mon Apr 6 12:12:39 2020 +0200
Fixed: POC for CSRF Token
(OFBIZ-11306)
Fixes missing default NoCsrfDefenseStrategy in Header.ftl files
---
themes/bluelight/template/Header.ftl | 2 +-
themes/flatgrey/template/Header.ftl | 2 +-
themes/rainbowstone/template/includes/Header.ftl | 2 +-
themes/tomahawk/template/Header.ftl | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/themes/bluelight/template/Header.ftl b/themes/bluelight/template/Header.ftl
index f4bbff9..3921b99 100644
--- a/themes/bluelight/template/Header.ftl
+++ b/themes/bluelight/template/Header.ftl
@@ -28,7 +28,7 @@ under the License.
<html lang="${docLangAttr}" dir="${langDir}" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
- <#assign csrfDefenseStrategy = Static["org.apache.ofbiz.entity.util.EntityUtilProperties"].getPropertyValue("security", "csrf.defense.strategy", delegator)>
+ <#assign csrfDefenseStrategy = Static["org.apache.ofbiz.entity.util.EntityUtilProperties"].getPropertyValue("security", "csrf.defense.strategy", "org.apache.ofbiz.security.NoCsrfDefenseStrategy", delegator)>
<#if csrfDefenseStrategy != "org.apache.ofbiz.security.NoCsrfDefenseStrategy">
<meta name="csrf-token" content="<@csrfTokenAjax/>"/>
</#if>
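Review bot: The new fallback argument `"org.apache.ofbiz.security.NoCsrfDefenseStrategy"` on the `<#assign csrfDefenseStrategy ...>` line makes the template fail open. When `csrf.defense.strategy` is missing from the security properties, the `<#if>` below it silently omits the `csrf-token` meta tag. That is only safe if the server-side code that selects the strategy falls back to the same class, which this diff does not show. If the two defaults diverge, pages would be rendered without a token that the server then requires, or the reverse. The same line is repeated in the flatgrey, rainbowstone and tomahawk hunks, so the default class name is now hard-coded in four templates. I would add a comment above each assign, e.g. `<#-- Fallback must match the server-side default for csrf.defense.strategy; NoCsrfDefenseStrategy means no token is emitted -->`, and consider resolving the strategy once in shared code so themes do not compare class-name strings. The enclosing `<head>` continues outside the hunk.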
diff --git a/themes/flatgrey/template/Header.ftl b/themes/flatgrey/template/Header.ftl
index bbe4eb3..b74b46e 100644
--- a/themes/flatgrey/template/Header.ftl
+++ b/themes/flatgrey/template/Header.ftl
@@ -24,7 +24,7 @@ under the License.
<html lang="${docLangAttr}" dir="${langDir}" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
- <#assign csrfDefenseStrategy = Static["org.apache.ofbiz.entity.util.EntityUtilProperties"].getPropertyValue("security", "csrf.defense.strategy", delegator)>
+ <#assign csrfDefenseStrategy = Static["org.apache.ofbiz.entity.util.EntityUtilProperties"].getPropertyValue("security", "csrf.defense.strategy", "org.apache.ofbiz.security.NoCsrfDefenseStrategy", delegator)>
<#if csrfDefenseStrategy != "org.apache.ofbiz.security.NoCsrfDefenseStrategy">
<meta name="csrf-token" content="<@csrfTokenAjax/>"/>
</#if>
diff --git a/themes/rainbowstone/template/includes/Header.ftl b/themes/rainbowstone/template/includes/Header.ftl
index 71ba16f..7b1d016 100644
--- a/themes/rainbowstone/template/includes/Header.ftl
+++ b/themes/rainbowstone/template/includes/Header.ftl
@@ -24,7 +24,7 @@ under the License.
<html lang="${docLangAttr}" dir="${langDir}" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
- <#assign csrfDefenseStrategy = Static["org.apache.ofbiz.entity.util.EntityUtilProperties"].getPropertyValue("security", "csrf.defense.strategy", delegator)>
+ <#assign csrfDefenseStrategy = Static["org.apache.ofbiz.entity.util.EntityUtilProperties"].getPropertyValue("security", "csrf.defense.strategy", "org.apache.ofbiz.security.NoCsrfDefenseStrategy", delegator)>
<#if csrfDefenseStrategy != "org.apache.ofbiz.security.NoCsrfDefenseStrategy">
<meta name="csrf-token" content="<@csrfTokenAjax/>"/>
</#if>
diff --git a/themes/tomahawk/template/Header.ftl b/themes/tomahawk/template/Header.ftl
index d01ae9c..ab07096 100644
--- a/themes/tomahawk/template/Header.ftl
+++ b/themes/tomahawk/template/Header.ftl
@@ -28,7 +28,7 @@ under the License.
<html lang="${docLangAttr}" dir="${langDir}" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
- <#assign csrfDefenseStrategy = Static["org.apache.ofbiz.entity.util.EntityUtilProperties"].getPropertyValue("security", "csrf.defense.strategy", delegator)>
+ <#assign csrfDefenseStrategy = Static["org.apache.ofbiz.entity.util.EntityUtilProperties"].getPropertyValue("security", "csrf.defense.strategy", "org.apache.ofbiz.security.NoCsrfDefenseStrategy", delegator)>
<#if csrfDefenseStrategy != "org.apache.ofbiz.security.NoCsrfDefenseStrategy">
<meta name="csrf-token" content="<@csrfTokenAjax/>"/>
</#if>