[ofbiz-framework] branch trunk updated (932e28d -> d0fceff)

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a change to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git.


    from 932e28d  Improved: UI/UX issues found with Find Agreements screen(OFBIZ-10373)
     new e1f42f4  Improved: Format INSTALL as a standard texte file rather than an AsciiDoc file
     new 3c9fe5f  Improved: better message for host-headers-allowed
     new 15c8129  Improved: Put the AsciiDoc files in main repo under the web site (OFBIZ-11879)
     new d0fceff  Fixed: don't remove localhost from host-headers-allowed it was only for testing

The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 INSTALL                                            | 48 ++++++++++++----------
 build.gradle                                       | 10 +++++
 .../ofbiz/webapp/control/RequestHandler.java       |  6 ++-
 3 files changed, 40 insertions(+), 24 deletions(-)

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git

commit e1f42f4b8545fec6c4b9c6bed90e3f5fadcb666f
Author: Jacques Le Roux <[hidden email]>
AuthorDate: Fri Jul 10 15:19:54 2020 +0200

    Improved: Format INSTALL as a standard texte file rather than an AsciiDoc file
---
 INSTALL | 48 ++++++++++++++++++++++++++----------------------
 1 file changed, 26 insertions(+), 22 deletions(-)

diff --git a/INSTALL b/INSTALL
index 4670969..647f59c 100644
--- a/INSTALL
+++ b/INSTALL
@@ -3,7 +3,7 @@ is an Enterprise Resource Planning (ERP) System written in Java and houses a
 large set of libraries, entities, services and features to run all aspects of
 your business.
 
-== System requirements
+System requirements
 
 The only requirement to run OFBiz is to have the Java Development Kit (JDK)
 version 8 installed on your system (not just the JRE, but the full JDK) which
@@ -13,54 +13,58 @@ environment variable.
 https://adoptopenjdk.net/[JDK download]
 
 
-== Quick start
+Quick start
 
 To quickly install and fire-up OFBiz, please follow the below instructions from
 the command line at the OFBiz top level directory (folder).
 
-=== Download the Gradle wrapper:
+    Download the Gradle wrapper:
 
-MS Windows: init-gradle-wrapper
-Unix-like OS: ./gradle/init-gradle-wrapper
+        MS Windows: init-gradle-wrapper
+        Unix-like OS: ./gradle/init-gradle-wrapper
 
 
-=== Prepare OFBiz:
+    Prepare OFBiz:
 
-==== Clean system and load the complete OFBiz data
+         Clean system and load the complete OFBiz data
 _______________________________________________________________________________
 Note: Depending on your Internet connection speed it might take a long time
 for this step to complete if you are using OFBiz for the first time as it needs
 to download all dependencies. So please be patient!
 _______________________________________________________________________________
 
-MS Windows: gradlew cleanAll loadAll
-Unix-like OS: ./gradlew cleanAll loadAll
+            MS Windows: gradlew cleanAll loadAll
+            Unix-like OS: ./gradlew cleanAll loadAll
 
-=====Note:
-As the later step, to install without the demo data follow:
-(beware this is for development or production, not trying)
+            _______________________________________________________________________________
+            Note:
+            As a later step, to install without the demo data follow:
+            (beware this is for development or production, not trying)
 
-Windows: gradlew cleanAll "ofbiz --load-data readers=seed,seed-initial" loadAdminUserLogin -PuserLoginId=admin
-Unix-like OS: ./gradlew cleanAll "ofbiz --load-data readers=seed,seed-initial" loadAdminUserLogin -PuserLoginId=admin
+            Windows: gradlew cleanAll "ofbiz --load-data readers=seed,seed-initial" loadAdminUserLogin -PuserLoginId=admin
+            Unix-like OS: ./gradlew cleanAll "ofbiz --load-data readers=seed,seed-initial" loadAdminUserLogin -PuserLoginId=admin
 
-The OFBiz install will be empty, there will be no chart of accounts, no transactions, no products, no customers and no suppliers.
-You can't log to the E-Commerce Store. You will get: "A Product Store has not been defined for this ecommerce site. A Product Store can be created using the ofbizsetup wizard."
+            The OFBiz install will be empty, there will be no chart of accounts, no transactions, no products, no customers and no suppliers.
+            You can't log to the E-Commerce Store.
+            You will get: "A Product Store has not been defined for this ecommerce site.
+            A Product Store can be created using the ofbizsetup wizard."
+            _______________________________________________________________________________
 
-=== Start OFBiz:
+    Start OFBiz:
 
-MS Windows: gradlew ofbiz
-Unix-like OS: ./gradlew ofbiz
+        MS Windows: gradlew ofbiz
+        Unix-like OS: ./gradlew ofbiz
 
 _______________________________________________________________________________
 Note: Ignore the % progress indicator because this task does not end as long
 as OFBiz is running.
 _______________________________________________________________________________
 
-=== Visit OFBiz through your browser:
+    Visit OFBiz through your browser:
 
-https://localhost:8443/webtools
+    https://localhost:8443/webtools
 
-== Going further
+Going further
 To complete your installation and use OFBiz please read README.adoc
 You may prefer to read this AsciiDoc file in HTML format.
 For that simply follow:

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git

commit 3c9fe5f91684de54570e6ec61575c11368a2ffd6
Author: Jacques Le Roux <[hidden email]>
AuthorDate: Sat Jul 11 09:30:59 2020 +0200

    Improved: better message for host-headers-allowed
   
    Adds an explanation about what to do when using own domain.
   
    Some users don't look into the log so it's better to set also the exception
    message in order for them to have it right at 1st glance.
---
 framework/security/config/security.properties                       | 2 +-
 .../main/java/org/apache/ofbiz/webapp/control/RequestHandler.java   | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/framework/security/config/security.properties b/framework/security/config/security.properties
index bf1d075..8a1d353 100644
--- a/framework/security/config/security.properties
+++ b/framework/security/config/security.properties
@@ -154,7 +154,7 @@ security.token.key=security.token.key
 
 # -- List of domains or IP addresses to be checked to prevent Host Header Injection,
 # -- no spaces after commas,no wildcard, can be extended of course...
-host-headers-allowed=localhost,127.0.0.1,demo-trunk.ofbiz.apache.org,demo-stable.ofbiz.apache.org,demo-old.ofbiz.apache.org
+host-headers-allowed=127.0.0.1,demo-trunk.ofbiz.apache.org,demo-stable.ofbiz.apache.org,demo-old.ofbiz.apache.org
 
 # -- By default the SameSite value in SameSiteFilter is 'strict'.
 # -- This property allows to change to 'lax' if needed.
diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
index 895265b..629b96e 100644
--- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
+++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
@@ -214,8 +214,10 @@ public class RequestHandler {
             GenericValue userLogin, Delegator delegator) throws RequestHandlerException, RequestHandlerExceptionAllowExternalRequests {
 
         if (!hostHeadersAllowed.contains(request.getServerName())) {
-            Debug.logError("Domain " + request.getServerName() + " not accepted to prevent host header injection ", MODULE);
-            throw new RequestHandlerException("Domain " + request.getServerName() + " not accepted to prevent host header injection ");
+            Debug.logError("Domain " + request.getServerName() + " not accepted to prevent host header injection."
+                    + " You need to set host-headers-allowed property in security.properties file.", MODULE);
+            throw new RequestHandlerException("Domain " + request.getServerName() + " not accepted to prevent host header injection."
+                    + " You need to set host-headers-allowed property in security.properties file.");
         }
                 
         final boolean throwRequestHandlerExceptionOnMissingLocalRequest = EntityUtilProperties.propertyValueEqualsIgnoreCase(

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git

commit 15c8129b03ad66a86c123c7cb37bfe4a8711acde
Author: Jacques Le Roux <[hidden email]>
AuthorDate: Sat Jul 11 09:45:49 2020 +0200

    Improved: Put the AsciiDoc files in main repo under the web site (OFBIZ-11879)
   
    We have AsciiDoc files in main repo and it would be better to have them also in
    HTML format under the web site: https://ci.apache.org/projects/ofbiz/site
   
    For that a new generateReadmeFiles is needed and new "readme" locations under
    each of https://ci.apache.org/projects/ofbiz/site "sub-dirs".
    We can create those from Buildbot like we did with INFRA-20311
---
 build.gradle | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/build.gradle b/build.gradle
index c81c5c5..205ab07 100644
--- a/build.gradle
+++ b/build.gradle
@@ -531,6 +531,16 @@ task deleteAllPluginsDocumentation {
 }
 
 
+task generateReadmeFiles(group: docsGroup, type: AsciidoctorTask) {
+    doFirst { delete "${buildDir}/asciidoc/readme" }
+    description 'Generate OFBiz README files'
+    sourceDir "${rootDir}"
+    sources {
+        include 'README.adoc', 'CHANGELOG.adoc', 'CONTRIBUTING.adoc'
+      }    
+    outputDir file("${buildDir}/asciidoc/readme/")
+}
+
 task generateOfbizDocumentation(group: docsGroup, type: AsciidoctorTask) {
     dependsOn deleteOfbizDocumentation
     description 'Generate OFBiz documentation manuals'

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git

commit d0fceffadda57dbe6e87398c47b4a575bc33137d
Author: Jacques Le Roux <[hidden email]>
AuthorDate: Sat Jul 11 09:57:56 2020 +0200

    Fixed: don't remove localhost from host-headers-allowed it was only for testing
---
 framework/security/config/security.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework/security/config/security.properties b/framework/security/config/security.properties
index 8a1d353..bf1d075 100644
--- a/framework/security/config/security.properties
+++ b/framework/security/config/security.properties
@@ -154,7 +154,7 @@ security.token.key=security.token.key
 
 # -- List of domains or IP addresses to be checked to prevent Host Header Injection,
 # -- no spaces after commas,no wildcard, can be extended of course...
-host-headers-allowed=127.0.0.1,demo-trunk.ofbiz.apache.org,demo-stable.ofbiz.apache.org,demo-old.ofbiz.apache.org
+host-headers-allowed=localhost,127.0.0.1,demo-trunk.ofbiz.apache.org,demo-stable.ofbiz.apache.org,demo-old.ofbiz.apache.org
 
 # -- By default the SameSite value in SameSiteFilter is 'strict'.
 # -- This property allows to change to 'lax' if needed.