[jira] [Commented] (OFBIZ-11329) setUserTimeZone should use Get rather than POST


Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-11329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17025839#comment-17025839 ]

Jacques Le Roux commented on OFBIZ-11329:
-----------------------------------------

Hi James,

You are right, and it's a bit more complicated than that. Because starting from a clean state (nothing in sessionStorage) setting the method to SET and getting to https://localhost:8443/catalog/control/main gives me this in the log:

{noformat}
2020-01-29 11:19:47,800 |jsse-nio-8443-exec-7 |ControlServlet                |T| [[[catalog::main (Domain:https://localhost)] Request Begun, encoding=[UTF-8]- total:0.0,since last(Begin):0.0]]
2020-01-29 11:19:47,863 |jsse-nio-8443-exec-7 |ConfigXMLReader               |I| controller loaded: 0.0s, 0 requests, 0 views in file:/C:/projectsASF/Git/ofbiz-framework/framework/common/webcommon/WEB-INF/handlers-controller.xml
2020-01-29 11:19:47,863 |jsse-nio-8443-exec-7 |ConfigXMLReader               |I| controller loaded: 0.018s, 49 requests, 21 views in file:/C:/projectsASF/Git/ofbiz-framework/framework/common/webcommon/WEB-INF/common-controller.xml
2020-01-29 11:19:47,881 |jsse-nio-8443-exec-7 |ConfigXMLReader               |I| controller loaded: 0.0s, 26 requests, 10 views in file:/C:/projectsASF/Git/ofbiz-framework/framework/common/webcommon/WEB-INF/portal-controller.xml
2020-01-29 11:19:47,898 |jsse-nio-8443-exec-7 |ConfigXMLReader               |I| controller loaded: 0.0s, 4 requests, 0 views in file:/C:/projectsASF/Git/ofbiz-framework/applications/commonext/webapp/WEB-INF/controller.xml
2020-01-29 11:19:47,903 |jsse-nio-8443-exec-7 |ConfigXMLReader               |I| controller loaded: 0.077s, 539 requests, 178 views in file:/C:/projectsASF/Git/ofbiz-framework/applications/product/webapp/catalog/WEB-INF/controller.xml
2020-01-29 11:19:47,907 |jsse-nio-8443-exec-7 |RequestHandler                |I| Rendering View [login].  Hidden sessionId by default.
2020-01-29 11:19:47,917 |jsse-nio-8443-exec-7 |ScreenFactory                 |I| Got 26 screens in 0.006s from: file:/C:/projectsASF/Git/ofbiz-framework/framework/common/widget/CommonScreens.xml
2020-01-29 11:19:48,094 |jsse-nio-8443-exec-7 |ScreenFactory                 |I| Got 25 screens in 0.007s from: file:/C:/projectsASF/Git/ofbiz-framework/themes/common-theme/widget/CommonScreens.xml
2020-01-29 11:19:48,101 |jsse-nio-8443-exec-7 |ScreenFactory                 |I| Got 16 screens in 0.007s from: file:/C:/projectsASF/Git/ofbiz-framework/applications/product/widget/catalog/CommonScreens.xml
2020-01-29 11:19:48,108 |jsse-nio-8443-exec-7 |ScreenFactory                 |I| Got 1 screens in 0.006s from: file:/C:/projectsASF/Git/ofbiz-framework/applications/commonext/widget/CommonScreens.xml
2020-01-29 11:19:48,108 |jsse-nio-8443-exec-7 |PrimaryKeyFinder              |I| Returning null because found incomplete primary key in find: [GenericEntity:PartyNameView][partyId,null()]
2020-01-29 11:19:48,189 |jsse-nio-8443-exec-7 |ServiceDispatcher             |T| Sync service [catalog/getLastSystemInfoNote] finished in [11] milliseconds
2020-01-29 11:19:48,219 |jsse-nio-8443-exec-7 |ServerHitBin                  |I| Visit delegatorName=default, ServerHitBin delegatorName=default
2020-01-29 11:19:48,220 |jsse-nio-8443-exec-7 |ControlServlet                |T| [[[catalog::main (Domain:https://localhost)] Request Done- total:0.42,since last([catalog::main (D...):0.42]]
2020-01-29 11:19:52,168 |jsse-nio-8443-exec-8 |ControlServlet                |T| [[[catalog::SetTimeZoneFromBrowser (Domain:https://localhost)] Request Begun, encoding=[UTF-8]- total:0.0,since last(Begin):0.0]]
2020-01-29 11:19:52,202 |jsse-nio-8443-exec-8 |ControlServlet                |I| Going to external page: /SetTimeZoneFromBrowser
2020-01-29 11:19:52,202 |jsse-nio-8443-exec-8 |ControlServlet                |E| An error occurred, going to the errorPage: file:/C:/projectsASF/Git/ofbiz-framework/framework/common/webcommon/error/Error.ftl
2020-01-29 11:19:52,219 |jsse-nio-8443-exec-8 |ServerHitBin                  |I| Visit delegatorName=default, ServerHitBin delegatorName=default
2020-01-29 11:19:52,221 |jsse-nio-8443-exec-8 |ControlServlet                |T| [[[catalog::SetTimeZoneFromBrowser (Domain:https://localhost)] Request Done- total:0.052,since last([catalog::SetTime...):0.052]]
{noformat}

I thought it was OK. But actually this is before signing in. So there is no userLogin to store the lastTimeZone field in SetTimeZoneFromBrowser.groovy. So it's wrong for this reason: lastTimeZone will never be stored in userLogin since it's bypassed once SetTimeZoneFromBrowser has been set to "done" in sessionStorage. I need to find another solution, because when we use POST as reported in OFBIZ-11306 we have:

bq. SetTimeZoneFromBrowser when starting: org.apache.ofbiz.webapp.control.RequestHandlerException: Invalid or missing CSRF token for AJAX call to path '/SetTimeZoneFromBrowser'. Also not only when starting.


> setUserTimeZone should use Get rather than POST
> -----------------------------------------------
>
>                 Key: OFBIZ-11329
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-11329
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: framework, webpos
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Minor
>
> This will be useful when committing CSRF solution as explained in OFBIZ-11306



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
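The failure described in the comment above (the sessionStorage flag being set to "done" on an anonymous page load, so the later logged-in request never persists lastTimeZone) can be reproduced with a small model. This is an added example, not OFBiz code: `makeSessionStorage` and `makeServer` are constructed stand-ins for the browser's sessionStorage and for the SetTimeZoneFromBrowser request handling, the key name `SetTimeZoneFromBrowser` is the flag named in the comment, and the user id `admin` and zone `Europe/Paris` are constructed sample values.

```javascript
// Constructed stand-in for window.sessionStorage so the example runs in Node.
function makeSessionStorage() {
  const store = new Map();
  return {
    getItem: (k) => (store.has(k) ? store.get(k) : null),
    setItem: (k, v) => store.set(k, String(v)),
  };
}

// Constructed stand-in for the server side: lastTimeZone can only be written
// when a userLogin exists in the session, which is the situation in the comment.
function makeServer() {
  const state = { userLoginId: null, lastTimeZone: null };
  return {
    state,
    login(id) { state.userLoginId = id; },
    setTimeZoneFromBrowser(tz) {
      if (!state.userLoginId) return { stored: false }; // no userLogin yet
      state.lastTimeZone = tz;
      return { stored: true };
    },
  };
}

// Flawed gate (the behaviour the comment describes): the flag is set to "done"
// after the first call whether or not the server could store anything.
function flawedSync(storage, server, tz) {
  if (storage.getItem('SetTimeZoneFromBrowser') === 'done') return false;
  server.setTimeZoneFromBrowser(tz);
  storage.setItem('SetTimeZoneFromBrowser', 'done');
  return true;
}

// Hypothetical corrected gate: only mark "done" once the server confirms it
// stored the value, and key the flag on the signed-in user so that a login
// that happens later in the same browser session triggers a fresh sync.
function fixedSync(storage, server, tz, userLoginId) {
  const key = 'SetTimeZoneFromBrowser:' + (userLoginId || 'anonymous');
  if (storage.getItem(key) === 'done') return false;
  const result = server.setTimeZoneFromBrowser(tz);
  if (result.stored) storage.setItem(key, 'done');
  return result.stored;
}

// Replays the sequence from the comment: anonymous visit to /catalog/control/main,
// then sign-in, then the next page load. Returns what the server ended up storing.
function runScenario(sync) {
  const storage = makeSessionStorage();
  const server = makeServer();
  sync(storage, server, 'Europe/Paris', server.state.userLoginId); // before sign-in
  server.login('admin');
  sync(storage, server, 'Europe/Paris', server.state.userLoginId); // after sign-in
  return server.state.lastTimeZone;
}

console.log('flawed gate stores:', runScenario(flawedSync)); // null
console.log('fixed gate stores:', runScenario(fixedSync));   // Europe/Paris
```

The difference is that the flawed gate treats "request was sent" as "work is done", while the corrected gate treats only a confirmed store as done; whichever HTTP method the request ends up using, the client-side flag needs that distinction.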