ofbiz-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jacques Le Roux (Jira)" <j...@apache.org>
Subject [jira] [Updated] (OFBIZ-11349) The "stream" request-map in ecommerce and commonext controllers require authentication
Date Wed, 19 Feb 2020 12:42:00 GMT

     [ https://issues.apache.org/jira/browse/OFBIZ-11349?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jacques Le Roux updated OFBIZ-11349:
------------------------------------
    Summary: The "stream" request-map in ecommerce and commonext controllers require authentication
 (was: Put back the "stream" request-map in ecommerce controller)

> The "stream" request-map in ecommerce and commonext controllers require authentication
> --------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-11349
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-11349
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ecommerce
>    Affects Versions: Trunk, Release Branch 17.12, Release Branch 18.12
>            Reporter: Jacques Le Roux
>            Priority: Major
>
> For security reason, the "stream" request-map 
> # in ecommerce controller have been temporarily commented out. 
> # in commonext controller has been changed to require authentication.
> We will need to 
> # put back the functionnalities allowed by the "stream" request-map in ecommerce . 
> # later check that mandatory authentication in commonext controller no impact.
> *Eventually it turned out that we simply needed to require authentication in both cases
(back and front ends). Because in ecommerce/ecomseo webapps the stream request is only used
to post images in blog entries an you need to be logged in to do so.*



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message