Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id ABDF6200C38 for ; Tue, 28 Feb 2017 15:51:50 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id AAA5A160B7E; Tue, 28 Feb 2017 14:51:50 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id D7ABF160B7C for ; Tue, 28 Feb 2017 15:51:49 +0100 (CET) Received: (qmail 60412 invoked by uid 500); 28 Feb 2017 14:51:49 -0000 Mailing-List: contact notifications-help@ofbiz.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ofbiz.apache.org Delivered-To: mailing list notifications@ofbiz.apache.org Received: (qmail 60402 invoked by uid 99); 28 Feb 2017 14:51:49 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 28 Feb 2017 14:51:49 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 93D9DC094B for ; Tue, 28 Feb 2017 14:51:48 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -1.547 X-Spam-Level: X-Spam-Status: No, score=-1.547 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, RP_MATCHES_RCVD=-2.999, SPF_NEUTRAL=0.652] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id 7eVVV74_MKHB for ; Tue, 28 Feb 2017 14:51:47 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id 7CB2F5F403 for ; Tue, 28 Feb 2017 14:51:46 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id AAB70E053A for ; Tue, 28 Feb 2017 14:51:45 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 5A80C24158 for ; Tue, 28 Feb 2017 14:51:45 +0000 (UTC) Date: Tue, 28 Feb 2017 14:51:45 +0000 (UTC) From: "Jacques Le Roux (JIRA)" To: notifications@ofbiz.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (OFBIZ-9206) Login and logout process in demos shows a certificate issue MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Tue, 28 Feb 2017 14:51:50 -0000 [ https://issues.apache.org/jira/browse/OFBIZ-9206?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15888142#comment-15888142 ] Jacques Le Roux commented on OFBIZ-9206: ---------------------------------------- OK I was ready to close this issue with this message {quote} Fixed in trunk r1784549 + r1784558 R16.11 r1784550 + r1784559 R15.11 & 14.11 r1784556+ r1784560 R13.07 r1784745 {quote} I even wrote that {quote} It was an easy fix, I just imported in trunk demo and all work perfectly. {quote} But I missed one point: how deep the ecommerce webapp is entrenched in some applications components. This can at least be tested with product and catalog webapp. # Get to https://demo-stable.ofbiz.apache.org/catalog/control/EditProduct?productId=GZ-1000 # Click on the "Product Page" button (you may notice an error which has been "fixed", more a workaround, at OFBIZ-9234) # Click on the logout link you get to https://demo-stable.ofbiz.apache.org/ecommerce/control/main but also to blank page, you just got a 404. The same happens locally, it's not related to demos, the letsencrypt certificate or the HTTPD frontend config. If you replace ecommerce/control/main by ecomseo in the URL, it works again. IIRW this was the initial reason I switched the trunk demo link from the site home page to ecomseo. Also if you replace ecommerce by ecomseo in CatalogMenus.xml then all works really perfectly. What I could do is to make this a parameter, but if you look for "ecommerce" in applications you find 96 harcoded "ecommerce" strings. Among the 96 harcoded "ecommerce" strings I could replace those that have a relation with URLs generation by "ecomseo" and that would be it. But at this stage I think we need to think more about it. I see 3 alternatives: # Fixes the underlying problems with ecommerce, good luck while shaving the yak! See OFBIZ-9234 and OFBIZ-9235 I already crossed while working on the current issue, for instance. # My proposition above to replace "ecommerce" strings by "ecomseo". But I know some are reluctants about that because the ecomseo specifications have not been defined. Though we also have no specifications for ecommerce, I can understand this concern. It would be good to have ecomseo specifications defined before definitely switching to it. I thought about reverting and keep up later. But I fear it's a risk of loosing momentum and have to do it again if other changes stack on. I'll rather retroengineer ecomseo to explain what really changes. If I can't explain all at a functional level, I'll ask Jinghai and especially Jonathan Schikowski, anyway I already planned to do so. # This is only related to the logout when coming from catalog/product, and a simpler way is to remove all ecommerce links from applications. We anyway want to remove dependencies from plugins in applications. And I believe it's where we should start. I'm inclided to the 3rd option, I'll create a thread on dev ML to discuss about the 3 points above. In the meantime, I'll now restart the demos and change the link from the site home page, for at least test and let test. > Login and logout process in demos shows a certificate issue > ----------------------------------------------------------- > > Key: OFBIZ-9206 > URL: https://issues.apache.org/jira/browse/OFBIZ-9206 > Project: OFBiz > Issue Type: Bug > Components: Demo > Reporter: Jacques Le Roux > Assignee: Jacques Le Roux > Priority: Minor > Attachments: OFBIZ-9206.patch, ofbiz-vm2.apache.org.yaml > > > When, from the site main page http://ofbiz.apache.org/, you get to the demos depending on browser (tested on Windows 7) you get some issues: > * FF > ** Management Apps: OK > ** Ecommerce: OK > * Chrome (Management Apps or Ecommerce) > ** stable: OK > ** old: KO - If you copy the URL by hand it works, and after even from the main page it works. > ** trunk: OK > * IE, same than Chrome > If, from any browser, you logout from Management Apps you get a certificate issue. Actually as we use HSTS the browsers protect us from any 3rd party intrusions... Same issue when login in. > So it seems we have a certificate issue after OFBIZ-7928 and INFRA-11960. Maybe it's due to how OFBiz redirects when login in or login out because, so far, only the login page is concerned... -- This message was sent by Atlassian JIRA (v6.3.15#6346)