[
https://issues.apache.org/jira/browse/OFBIZ-11349?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacques Le Roux updated OFBIZ-11349:
------------------------------------
Summary: The "stream" request-map in ecommerce and commonext controllers require authentication (was: Put back the "stream" request-map in ecommerce controller)
> The "stream" request-map in ecommerce and commonext controllers require authentication
> --------------------------------------------------------------------------------------
>
> Key: OFBIZ-11349
> URL:
https://issues.apache.org/jira/browse/OFBIZ-11349> Project: OFBiz
> Issue Type: Bug
> Components: ecommerce
> Affects Versions: Trunk, Release Branch 17.12, Release Branch 18.12
> Reporter: Jacques Le Roux
> Priority: Major
>
> For security reason, the "stream" request-map
> # in ecommerce controller have been temporarily commented out.
> # in commonext controller has been changed to require authentication.
> We will need to
> # put back the functionnalities allowed by the "stream" request-map in ecommerce .
> # later check that mandatory authentication in commonext controller no impact.
> *Eventually it turned out that we simply needed to require authentication in both cases (back and front ends). Because in ecommerce/ecomseo webapps the stream request is only used to post images in blog entries an you need to be logged in to do so.*
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
Locked
