Posted to commits@ofbiz.apache.org by jl...@apache.org on 2020/04/06 10:12:39 UTC

[ofbiz-framework] branch trunk updated: Fixed: POC for CSRF Token (OFBIZ-11306)

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 5c534a9  Fixed: POC for CSRF Token (OFBIZ-11306)
5c534a9 is described below

commit 5c534a9f9824c5bac1c8312a8d50063ca8b5e766
Author: Jacques Le Roux <ja...@les7arts.com>
AuthorDate: Mon Apr 6 12:12:39 2020 +0200

    Fixed: POC for CSRF Token
    (OFBIZ-11306)
    
    Fixes missing default NoCsrfDefenseStrategy in Header.ftl files
---
 themes/bluelight/template/Header.ftl             | 2 +-
 themes/flatgrey/template/Header.ftl              | 2 +-
 themes/rainbowstone/template/includes/Header.ftl | 2 +-
 themes/tomahawk/template/Header.ftl              | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/themes/bluelight/template/Header.ftl b/themes/bluelight/template/Header.ftl
index f4bbff9..3921b99 100644
--- a/themes/bluelight/template/Header.ftl
+++ b/themes/bluelight/template/Header.ftl
@@ -28,7 +28,7 @@ under the License.
 <html lang="${docLangAttr}" dir="${langDir}" xmlns="http://www.w3.org/1999/xhtml">
 <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
-    <#assign csrfDefenseStrategy = Static["org.apache.ofbiz.entity.util.EntityUtilProperties"].getPropertyValue("security", "csrf.defense.strategy", delegator)>
+    <#assign csrfDefenseStrategy = Static["org.apache.ofbiz.entity.util.EntityUtilProperties"].getPropertyValue("security", "csrf.defense.strategy", "org.apache.ofbiz.security.NoCsrfDefenseStrategy", delegator)>
     <#if csrfDefenseStrategy != "org.apache.ofbiz.security.NoCsrfDefenseStrategy">
         <meta name="csrf-token" content="<@csrfTokenAjax/>"/>
     </#if>
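Review bot: With the fallback argument added to `getPropertyValue`, an unset or empty `csrf.defense.strategy` now resolves to `NoCsrfDefenseStrategy`, so the `<#if>` below skips the `csrf-token` meta tag and the page silently renders without a token. That is only safe if the server-side check falls back to the same class, which this hunk does not show; a comment such as `<#-- Fallback must match the server-side default for csrf.defense.strategy; when unset, no csrf-token meta is emitted -->` above the assign would make the coupling explicit. The class name is now repeated twice here and identically in the flatgrey, rainbowstone and tomahawk Header.ftl hunks, so moving the lookup into one shared include or macro would keep the four themes from drifting. The `<head>` block continues outside the hunk.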
diff --git a/themes/flatgrey/template/Header.ftl b/themes/flatgrey/template/Header.ftl
index bbe4eb3..b74b46e 100644
--- a/themes/flatgrey/template/Header.ftl
+++ b/themes/flatgrey/template/Header.ftl
@@ -24,7 +24,7 @@ under the License.
 <html lang="${docLangAttr}" dir="${langDir}" xmlns="http://www.w3.org/1999/xhtml">
 <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
-    <#assign csrfDefenseStrategy = Static["org.apache.ofbiz.entity.util.EntityUtilProperties"].getPropertyValue("security", "csrf.defense.strategy", delegator)>
+    <#assign csrfDefenseStrategy = Static["org.apache.ofbiz.entity.util.EntityUtilProperties"].getPropertyValue("security", "csrf.defense.strategy", "org.apache.ofbiz.security.NoCsrfDefenseStrategy", delegator)>
     <#if csrfDefenseStrategy != "org.apache.ofbiz.security.NoCsrfDefenseStrategy">
         <meta name="csrf-token" content="<@csrfTokenAjax/>"/>
     </#if>
diff --git a/themes/rainbowstone/template/includes/Header.ftl b/themes/rainbowstone/template/includes/Header.ftl
index 71ba16f..7b1d016 100644
--- a/themes/rainbowstone/template/includes/Header.ftl
+++ b/themes/rainbowstone/template/includes/Header.ftl
@@ -24,7 +24,7 @@ under the License.
 <html lang="${docLangAttr}" dir="${langDir}" xmlns="http://www.w3.org/1999/xhtml">
 <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
-    <#assign csrfDefenseStrategy = Static["org.apache.ofbiz.entity.util.EntityUtilProperties"].getPropertyValue("security", "csrf.defense.strategy", delegator)>
+    <#assign csrfDefenseStrategy = Static["org.apache.ofbiz.entity.util.EntityUtilProperties"].getPropertyValue("security", "csrf.defense.strategy", "org.apache.ofbiz.security.NoCsrfDefenseStrategy", delegator)>
     <#if csrfDefenseStrategy != "org.apache.ofbiz.security.NoCsrfDefenseStrategy">
         <meta name="csrf-token" content="<@csrfTokenAjax/>"/>
     </#if>
diff --git a/themes/tomahawk/template/Header.ftl b/themes/tomahawk/template/Header.ftl
index d01ae9c..ab07096 100644
--- a/themes/tomahawk/template/Header.ftl
+++ b/themes/tomahawk/template/Header.ftl
@@ -28,7 +28,7 @@ under the License.
 <html lang="${docLangAttr}" dir="${langDir}" xmlns="http://www.w3.org/1999/xhtml">
 <head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
-    <#assign csrfDefenseStrategy = Static["org.apache.ofbiz.entity.util.EntityUtilProperties"].getPropertyValue("security", "csrf.defense.strategy", delegator)>
+    <#assign csrfDefenseStrategy = Static["org.apache.ofbiz.entity.util.EntityUtilProperties"].getPropertyValue("security", "csrf.defense.strategy", "org.apache.ofbiz.security.NoCsrfDefenseStrategy", delegator)>
     <#if csrfDefenseStrategy != "org.apache.ofbiz.security.NoCsrfDefenseStrategy">
         <meta name="csrf-token" content="<@csrfTokenAjax/>"/>
     </#if>