forgot this is release 9.04
BJ Freeman sent the following on 4/28/2009 11:20 AM: > I know this has been discussed on the dev list. I would love to provide > patches. I am guessing this has to be changed to a post, if I understand > right. > > it seems most of the delete button in catalog section come up with > similar messages. > https://localhost:8443/catalog/control/promo_deleteProductStorePromoAppl?productStoreId=TestStore&productPromoId=9019&fromDate=2009-04-27%2015:11:56.0 > > Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found > URL parameter [productStoreId] passed to secure (https) request-map with > uri [promo_deleteProductStorePromoAppl] with an event that calls service > [deleteProductStorePromoAppl]; this is not allowed for security reasons! > The data should be encrypted by making it part of the request body (a > form field) instead of the request URL. -- BJ Freeman http://www.businessesnetwork.com/automation http://bjfreeman.elance.com http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro Systems Integrator. |
If this is release 9.04 and its a bug then we should not forget this.
Thanks -- Pranay Pandey On Apr 29, 2009, at 12:03 AM, BJ Freeman wrote: > forgot this is release 9.04 > > BJ Freeman sent the following on 4/28/2009 11:20 AM: >> I know this has been discussed on the dev list. I would love to >> provide >> patches. I am guessing this has to be changed to a post, if I >> understand >> right. >> >> it seems most of the delete button in catalog section come up with >> similar messages. >> https://localhost:8443/catalog/control/promo_deleteProductStorePromoAppl?productStoreId=TestStore&productPromoId=9019&fromDate=2009-04-27%2015:11:56.0 >> >> Error calling event: org.ofbiz.webapp.event.EventHandlerException: >> Found >> URL parameter [productStoreId] passed to secure (https) request-map >> with >> uri [promo_deleteProductStorePromoAppl] with an event that calls >> service >> [deleteProductStorePromoAppl]; this is not allowed for security >> reasons! >> The data should be encrypted by making it part of the request body (a >> form field) instead of the request URL. > > -- > BJ Freeman > http://www.businessesnetwork.com/automation > http://bjfreeman.elance.com > http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro > Systems Integrator. > smime.p7s (3K) Download Attachment |
Administrator
|
I just had a look at this error. The error msg states it clearly
Found URL parameter [productStoreId] passed to secure (https) request-map with uri [promo_deleteProductStorePromoAppl] with an event that calls service [deleteProductStorePromoAppl]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL. Moreover it would be kind if you could create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 (check before if a sub-task for this error does not exist). If you are not sure how to create a Jira issue please have a look before at http://docs.ofbiz.org/x/r. Thank you in advance for your help. Is a sub-task of OFBIZ-2330 created ? Thanks Jacques PS : BTW we have an issue with the new theme : the error msg dissapear too quickly you can't read it. In a general I don't like much how error messages are rendered in BizznesTime theme. I have added that at https://issues.apache.org/jira/browse/OFBIZ-2312?focusedCommentId=12706970&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#action_12706970 From: "Pranay Pandey" <[hidden email]> > If this is release 9.04 and its a bug then we should not forget this. > > Thanks > -- > Pranay Pandey > > > > > On Apr 29, 2009, at 12:03 AM, BJ Freeman wrote: > >> forgot this is release 9.04 >> >> BJ Freeman sent the following on 4/28/2009 11:20 AM: >>> I know this has been discussed on the dev list. I would love to provide >>> patches. I am guessing this has to be changed to a post, if I understand >>> right. >>> >>> it seems most of the delete button in catalog section come up with >>> similar messages. >>> https://localhost:8443/catalog/control/promo_deleteProductStorePromoAppl?productStoreId=TestStore&productPromoId=9019&fromDate=2009-04-27%2015:11:56.0 >>> >>> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found >>> URL parameter [productStoreId] passed to secure (https) request-map with >>> uri [promo_deleteProductStorePromoAppl] with an event that calls service >>> [deleteProductStorePromoAppl]; this is not allowed for security reasons! >>> The data should be encrypted by making it part of the request body (a >>> form field) instead of the request URL. >> >> -- >> BJ Freeman >> http://www.businessesnetwork.com/automation >> http://bjfreeman.elance.com >> http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro >> Systems Integrator. >> > > |
Administrator
|
Hi BJ,
Did you create a sub-task of OFBIZ-2330 ? Thanks Jacques From: "Jacques Le Roux" <[hidden email]> >I just had a look at this error. The error msg states it clearly > > Found URL parameter [productStoreId] passed to secure (https) request-map with uri [promo_deleteProductStorePromoAppl] with an > event that calls service [deleteProductStorePromoAppl]; this is not allowed for security reasons! The data should be encrypted by > making it part of the request body (a form field) instead of the request URL. > > Moreover it would be kind if you could create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 > (check before if a sub-task for this error does not exist). > If you are not sure how to create a Jira issue please have a look before at http://docs.ofbiz.org/x/r. > > Thank you in advance for your help. > > Is a sub-task of OFBIZ-2330 created ? > > Thanks > > Jacques > PS : BTW we have an issue with the new theme : the error msg dissapear too quickly you can't read it. In a general I don't like > much how error messages are rendered in BizznesTime theme. I have added that at > https://issues.apache.org/jira/browse/OFBIZ-2312?focusedCommentId=12706970&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#action_12706970 > > From: "Pranay Pandey" <[hidden email]> >> If this is release 9.04 and its a bug then we should not forget this. >> >> Thanks >> -- >> Pranay Pandey >> >> >> >> >> On Apr 29, 2009, at 12:03 AM, BJ Freeman wrote: >> >>> forgot this is release 9.04 >>> >>> BJ Freeman sent the following on 4/28/2009 11:20 AM: >>>> I know this has been discussed on the dev list. I would love to provide >>>> patches. I am guessing this has to be changed to a post, if I understand >>>> right. >>>> >>>> it seems most of the delete button in catalog section come up with >>>> similar messages. >>>> https://localhost:8443/catalog/control/promo_deleteProductStorePromoAppl?productStoreId=TestStore&productPromoId=9019&fromDate=2009-04-27%2015:11:56.0 >>>> >>>> Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found >>>> URL parameter [productStoreId] passed to secure (https) request-map with >>>> uri [promo_deleteProductStorePromoAppl] with an event that calls service >>>> [deleteProductStorePromoAppl]; this is not allowed for security reasons! >>>> The data should be encrypted by making it part of the request body (a >>>> form field) instead of the request URL. >>> >>> -- >>> BJ Freeman >>> http://www.businessesnetwork.com/automation >>> http://bjfreeman.elance.com >>> http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro >>> Systems Integrator. >>> >> >> > > |
In reply to this post by Jacques Le Roux
Just Did thanks.
I was looking where to hook this in Jacques Le Roux sent the following on 5/9/2009 1:36 PM: > Hi BJ, > > Did you create a sub-task of OFBIZ-2330 ? > > Thanks > > Jacques > > From: "Jacques Le Roux" <[hidden email]> >> I just had a look at this error. The error msg states it clearly >> >> Found URL parameter [productStoreId] passed to secure (https) >> request-map with uri [promo_deleteProductStorePromoAppl] with an event >> that calls service [deleteProductStorePromoAppl]; this is not allowed >> for security reasons! The data should be encrypted by making it part >> of the request body (a form field) instead of the request URL. >> >> Moreover it would be kind if you could create a Jira sub-task of >> https://issues.apache.org/jira/browse/OFBIZ-2330 >> (check before if a sub-task for this error does not exist). >> If you are not sure how to create a Jira issue please have a look >> before at http://docs.ofbiz.org/x/r. >> >> Thank you in advance for your help. >> >> Is a sub-task of OFBIZ-2330 created ? >> >> Thanks >> >> Jacques >> PS : BTW we have an issue with the new theme : the error msg dissapear >> too quickly you can't read it. In a general I don't like much how >> error messages are rendered in BizznesTime theme. I have added that at >> https://issues.apache.org/jira/browse/OFBIZ-2312?focusedCommentId=12706970&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#action_12706970 >> >> >> From: "Pranay Pandey" <[hidden email]> >>> If this is release 9.04 and its a bug then we should not forget this. >>> >>> Thanks >>> -- >>> Pranay Pandey >>> >>> >>> >>> >>> On Apr 29, 2009, at 12:03 AM, BJ Freeman wrote: >>> >>>> forgot this is release 9.04 >>>> >>>> BJ Freeman sent the following on 4/28/2009 11:20 AM: >>>>> I know this has been discussed on the dev list. I would love to >>>>> provide >>>>> patches. I am guessing this has to be changed to a post, if I >>>>> understand >>>>> right. >>>>> >>>>> it seems most of the delete button in catalog section come up with >>>>> similar messages. >>>>> https://localhost:8443/catalog/control/promo_deleteProductStorePromoAppl?productStoreId=TestStore&productPromoId=9019&fromDate=2009-04-27%2015:11:56.0 >>>>> >>>>> >>>>> Error calling event: org.ofbiz.webapp.event.EventHandlerException: >>>>> Found >>>>> URL parameter [productStoreId] passed to secure (https) >>>>> request-map with >>>>> uri [promo_deleteProductStorePromoAppl] with an event that calls >>>>> service >>>>> [deleteProductStorePromoAppl]; this is not allowed for security >>>>> reasons! >>>>> The data should be encrypted by making it part of the request body (a >>>>> form field) instead of the request URL. >>>> >>>> -- >>>> BJ Freeman >>>> http://www.businessesnetwork.com/automation >>>> http://bjfreeman.elance.com >>>> http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro >>>> >>>> Systems Integrator. >>>> >>> >>> >> >> > > > -- BJ Freeman http://www.businessesnetwork.com/automation http://bjfreeman.elance.com http://www.linkedin.com/profile?viewProfile=&key=1237480&locale=en_US&trk=tab_pro Systems Integrator. |
Free forum by Nabble | Edit this page |