Hello,
In the ordermgr, * I create a Request. * Then, I perform 'Create Quote from request' The Following Errors Occurred: Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [custRequestId] passed to secure (https) request-map with uri [createQuoteFromCustRequest] with an event that calls service [createQuoteFromCustRequest]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL. -Aswath |
Administrator
|
Thanks for report,
I have a plan for <link elements in menus and screens xml files, like the one I used at https://issues.apache.org/jira/browse/OFBIZ-2243 Be patient or do the change yourself waiting for the largest changes... Jacques From: "aswath narayana" <[hidden email]> > Hello, > In the ordermgr, > * I create a Request. > * Then, I perform 'Create Quote from request' > > The Following Errors Occurred: > > Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL > parameter [custRequestId] passed to secure (https) request-map with uri > [createQuoteFromCustRequest] with an event that calls service > [createQuoteFromCustRequest]; this is not allowed for security reasons! The > data should be encrypted by making it part of the request body (a form > field) instead of the request URL. > > -Aswath > |
Administrator
|
In reply to this post by aswath narayana
There is also this issue https://issues.apache.org/jira/browse/OFBIZ-2260 for everybody wanting to participate at this effort in
order to deliver a 9.4 release better version (secured) The orignal need comes from https://issues.apache.org/jira/browse/OFBIZ-1959 Jacques From: "Jacques Le Roux" <[hidden email]> > Thanks for report, > > I have a plan for <link elements in menus and screens xml files, like the one I used at > https://issues.apache.org/jira/browse/OFBIZ-2243 > Be patient or do the change yourself waiting for the largest changes... > > Jacques > > From: "aswath narayana" <[hidden email]> >> Hello, >> In the ordermgr, >> * I create a Request. >> * Then, I perform 'Create Quote from request' >> >> The Following Errors Occurred: >> >> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL >> parameter [custRequestId] passed to secure (https) request-map with uri >> [createQuoteFromCustRequest] with an event that calls service >> [createQuoteFromCustRequest]; this is not allowed for security reasons! The >> data should be encrypted by making it part of the request body (a form >> field) instead of the request URL. >> >> -Aswath >> > |
In reply to this post by aswath narayana
Hi,Aswath
perhaps the error is occured because you have called service "createQuoteFromCustRequest" in this way: <hyperlink target="createQuoteFromCustRequest?custRequestId={****}"/> You attempt to use <hyperlink target="createQuoteFromCustRequest> <parameter param-name="custRequestId" value="{****}"/> </hyperlink> This is the new security improvement of Ofbiz. For more details search "secure urls"
|
Hi,
I am trying to do this type of change,as I saw similar change done by Jacques in r760363 The requestForms.xml does not have this hyperlink. But it has the following <form name="EditQuoteItemForRequest" type="single" target="updateQuoteItemForRequest" title="" default-map-name="quoteItem" header-row-style="header-row" default-table-style="basic-table"> <alt-target use-when="quoteItem==null" target="createQuoteItemForRequest"/> <auto-fields-entity entity-name="QuoteItem" default-field-type="edit"/> .... Is this the place to look for... Thanks -Aswath On Wed, Apr 1, 2009 at 12:34 AM, Angelo Matarazzo <[hidden email] > wrote: > > Hi,Aswath > perhaps the error is occured because you have called service > "createQuoteFromCustRequest" > in this way: <hyperlink > target="createQuoteFromCustRequest?custRequestId={****}"/> > > You attempt to use > <hyperlink target="createQuoteFromCustRequest> > <parameter param-name="custRequestId" value="{****}"/> > </hyperlink> > This is the new security improvement of Ofbiz. > For more details search "secure urls" > > aswath wrote: > > > > Hello, > > In the ordermgr, > > * I create a Request. > > * Then, I perform 'Create Quote from request' > > > > The Following Errors Occurred: > > > > Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found > > URL > > parameter [custRequestId] passed to secure (https) request-map with uri > > [createQuoteFromCustRequest] with an event that calls service > > [createQuoteFromCustRequest]; this is not allowed for security reasons! > > The > > data should be encrypted by making it part of the request body (a form > > field) instead of the request URL. > > > > -Aswath > > > > > > -- > View this message in context: > http://www.nabble.com/Create-Quote-from-request---error-tp22805028p22807134.html > Sent from the OFBiz - User mailing list archive at Nabble.com. > > |
Free forum by Nabble | Edit this page |