[ofbiz-framework] branch trunk updated: Fixed: CLONE - Use only HTTPS in OFBiz


[ofbiz-framework] branch trunk updated: Fixed: CLONE - Use only HTTPS in OFBiz

jleroux@apache.org
This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new a8c5c84  Fixed: CLONE - Use only HTTPS in OFBiz
a8c5c84 is described below

commit a8c5c84cec1b1204d4aeb65eed68505f402410ef
Author: Jacques Le Roux <[hidden email]>
AuthorDate: Mon May 4 13:10:17 2020 +0200

    Fixed: CLONE - Use only HTTPS in OFBiz
   
    (OFBIZ-11643)
   
    When doing OFBIZ-6849 I forgot to take care of the https attribute of the
    security element used in controllers.
   
    It's not used anymore since we use HTTPS everywhere except in requests listed in
    the http.request-map.list property of url.properties. It's even enforced by HSTS for
    requests that are not listed in this property.
   
    This removes the https attribute and removes its usage in controllers.
---
 framework/webapp/config/url.properties                    | 2 +-
 framework/webapp/dtd/site-conf.xsd                        | 7 -------
 framework/webtools/webapp/webtools/WEB-INF/controller.xml | 2 --
 3 files changed, 1 insertion(+), 10 deletions(-)

diff --git a/framework/webapp/config/url.properties b/framework/webapp/config/url.properties
index 15d0f53..08cb9c5 100644
--- a/framework/webapp/config/url.properties
+++ b/framework/webapp/config/url.properties
@@ -22,7 +22,7 @@
 
 # If you want to use HTTP then set no.http=N. Else all requests will use HTTPS (also enforced by a HSTS header) except if put in the http.request-map.list  
 no.http=Y
-http.request-map.list=SOAPService,xmlrpc,viewShipmentLabel
+http.request-map.list=SOAPService,xmlrpc,viewShipmentLabel,worldPayNotify,payPalNotify
 
 # HTTPS Port (Secure port)
 port.https.enabled=Y
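Review bot: Adding `worldPayNotify` and `payPalNotify` to `http.request-map.list` exempts two requests that, judging by their names, are payment-provider notification callbacks from the HTTPS-only rule, and neither the commit message nor the file says why. Over plain HTTP the notification body can be read or altered in transit, so the integrity of a payment status would rest entirely on the handlers verifying each notification with the provider; that code is not part of this diff, so it should be confirmed before merging. If the providers can post to an HTTPS URL, I would leave these two entries out of the list. Otherwise, document the exception above the property, for example `# worldPayNotify/payPalNotify stay on HTTP because <reason>; their handlers must verify the notification with the provider`.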
diff --git a/framework/webapp/dtd/site-conf.xsd b/framework/webapp/dtd/site-conf.xsd
index 01d0046..a9aa64d 100644
--- a/framework/webapp/dtd/site-conf.xsd
+++ b/framework/webapp/dtd/site-conf.xsd
@@ -267,13 +267,6 @@ under the License.
         </xs:complexType>
     </xs:element>
     <xs:attributeGroup name="attlist.security">
-        <xs:attribute type="xs:boolean" name="https" default="false">
-            <xs:annotation>
-                <xs:documentation>
-                    If https=true, redirect to/use/generate the secured HTTPS protocol if necessary and possible.
-                </xs:documentation>
-            </xs:annotation>
-        </xs:attribute>
         <xs:attribute type="xs:boolean" name="auth" default="false">
             <xs:annotation>
                 <xs:documentation>
diff --git a/framework/webtools/webapp/webtools/WEB-INF/controller.xml b/framework/webtools/webapp/webtools/WEB-INF/controller.xml
index 72eec1e..74ae02b 100644
--- a/framework/webtools/webapp/webtools/WEB-INF/controller.xml
+++ b/framework/webtools/webapp/webtools/WEB-INF/controller.xml
@@ -92,13 +92,11 @@ under the License.
         <response name="error" type="none"/>
     </request-map>
     <request-map uri="SOAPService">
-        <security https="false"/>
         <event type="soap"/>
         <response name="error" type="none"/>
         <response name="success" type="none"/>
     </request-map>
     <request-map uri="xmlrpc" track-serverhit="false" track-visit="false">
-        <security https="false"/>
         <event type="xmlrpc"/>
         <response name="error" type="none"/>
         <response name="success" type="none"/>