OFBiz OFBiz - Notifications

[jira] [Updated] (OFBIZ-11349) Put back the "stream" request-map in ecommerce controller

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Nicolas Malin (Jira)
Reply | Threaded
Open this post in threaded view
|

[jira] [Updated] (OFBIZ-11349) Put back the "stream" request-map in ecommerce controller

Nicolas Malin (Jira)

     [ https://issues.apache.org/jira/browse/OFBIZ-11349?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux updated OFBIZ-11349:
------------------------------------
    Description:
For security reason, the "stream" request-map
# in ecommerce controller have been temporarily commented out.
# in commonext controller has been changed to require authentication.

We will need to
# put back the functionnalities allowed by the "stream" request-map in ecommerce .
# later check that mandatory authentication in commonext controller no impact.

*Eventually it turned out that we simply needed to require authentication in both cases (back and front ends). Because in ecommerce/ecomseo webapps the stream request is only used to post images in blog entries an you need to be logged in to do so.*

  was:
For security reason, the "stream" request-map
# in ecommerce controller have been temporarily commented out.
# in commonext controller has been changed to require authentication.

We will need to
# put back the functionnalities allowed by the "stream" request-map in ecommerce .
# later check that mandatory authentication in commonext controller no impact.


> Put back the "stream" request-map in ecommerce controller
> ---------------------------------------------------------
>
>                 Key: OFBIZ-11349
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-11349
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ecommerce
>    Affects Versions: Trunk, Release Branch 17.12, Release Branch 18.12
>            Reporter: Jacques Le Roux
>            Priority: Major
>
> For security reason, the "stream" request-map
> # in ecommerce controller have been temporarily commented out.
> # in commonext controller has been changed to require authentication.
> We will need to
> # put back the functionnalities allowed by the "stream" request-map in ecommerce .
> # later check that mandatory authentication in commonext controller no impact.
> *Eventually it turned out that we simply needed to require authentication in both cases (back and front ends). Because in ecommerce/ecomseo webapps the stream request is only used to post images in blog entries an you need to be logged in to do so.*



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
Free forum by Nabble Edit this page