This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a change to branch release18.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git.

    from fcbb750 Fixed: Product Images not rendering on One Page Checkout (OFBIZ-11400)
     new d523744 Improved: POC for CSRF Token
     new 11250f2 Adds the meta CSRF token for Ajax
     new a64dea4 Reverted: Revert "Adds the meta CSRF token for Ajax"

The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.

Summary of changes:
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release18.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git commit d52374422ebab680461d50a9f1d8dd81611bdaef Author: Jacques Le Roux <[hidden email]> AuthorDate: Fri Mar 27 14:43:52 2020 +0100 Improved: POC for CSRF Token (OFBIZ-11306) There is no need to change it in common-controller because, apart the ecommerce application, there are no applications that requires an anonymous flow. It should be only changed in ecommerce controller. --- ecommerce/webapp/ecommerce/WEB-INF/controller.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml index 40943b9..30d4efc 100644 --- a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml +++ b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml @@ -1605,7 +1605,7 @@ under the License. </request-map> <request-map uri="getAssociatedStateList"> - <security https="true" auth="false"/> + <security https="true" auth="false" csrf-token="false"/> <event type="service" invoke="getAssociatedStateList"/> <response name="success" type="request" value="json"/> <response name="error" type="request" value="json"/> |
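Review bot: the controller.xml hunk switches off the CSRF check for getAssociatedStateList with csrf-token="false", but neither the hunk nor the commit message records why this request-map is safe to exempt. Since it is an auth="false" request that invokes the getAssociatedStateList service and answers with JSON, the message should state whether the service is a read-only lookup and make clear that the exemption is scoped to this single uri, so nobody later copies the attribute onto state-changing anonymous requests. The attribute only has an effect once the framework's controller schema accepts csrf-token on <security>, so the commit should also reference the framework change it depends on; the revert later in this thread shows what happens when the two are pushed separately.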
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release18.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git commit 11250f22d8dac1df399f04918ba90f89acfa8c6b Author: Jacques Le Roux <[hidden email]> AuthorDate: Sat Mar 28 09:54:12 2020 +0100 Adds the meta CSRF token for Ajax --- ecommerce/template/includes/HeaderHead.ftl | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ecommerce/template/includes/HeaderHead.ftl b/ecommerce/template/includes/HeaderHead.ftl index 7400674..96da9d5 100644 --- a/ecommerce/template/includes/HeaderHead.ftl +++ b/ecommerce/template/includes/HeaderHead.ftl @@ -25,6 +25,11 @@ under the License. <head> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> + <#assign csrfDefenseStrategy = Static["org.apache.ofbiz.entity.util.EntityUtilProperties"].getPropertyValue("security", "csrf.defense.strategy", delegator)> + <#if csrfDefenseStrategy != "org.apache.ofbiz.security.NoCsrfDefenseStrategy"> + <meta name="csrf-token" content="<@csrfTokenAjax/>"/> + </#if> + <title><#if title?has_content>${title}<#elseif titleProperty?has_content>${uiLabelMap.get(titleProperty)}</#if> : ${(productStore.storeName)!} </title> |
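Review bot: the <#if csrfDefenseStrategy != "org.apache.ofbiz.security.NoCsrfDefenseStrategy"> guard in the HeaderHead.ftl hunk compares against one hard-coded class name, so the csrf-token meta tag is rendered for every other value of csrf.defense.strategy, including an empty one; the commit message should say whether that is intended and why the guard exists at all (presumably so <@csrfTokenAjax/> is not invoked when no defense strategy is configured). The message also lacks the OFBIZ-11306 reference that the previous commit carries, and it should document how the Ajax calls are expected to read the csrf-token meta tag, since the hunk only emits it. As with the controller change, the <@csrfTokenAjax/> macro comes from the framework, so this should land together with that change.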
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release18.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git commit a64dea4ffe38c70849a457aa755a496ef0a21b5e Author: Jacques Le Roux <[hidden email]> AuthorDate: Mon Apr 27 18:30:03 2020 +0200 Reverted: Revert "Adds the meta CSRF token for Ajax" This reverts commit 11250f22d8dac1df399f04918ba90f89acfa8c6b. Revert "Improved: POC for CSRF Token" This reverts commit d52374422ebab680461d50a9f1d8dd81611bdaef. I forgot that I committed these changes in ecommerce w/o committing in framework --- ecommerce/template/includes/HeaderHead.ftl | 5 ----- ecommerce/webapp/ecommerce/WEB-INF/controller.xml | 2 +- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/ecommerce/template/includes/HeaderHead.ftl b/ecommerce/template/includes/HeaderHead.ftl index 96da9d5..7400674 100644 --- a/ecommerce/template/includes/HeaderHead.ftl +++ b/ecommerce/template/includes/HeaderHead.ftl @@ -25,11 +25,6 @@ under the License. <head> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> - <#assign csrfDefenseStrategy = Static["org.apache.ofbiz.entity.util.EntityUtilProperties"].getPropertyValue("security", "csrf.defense.strategy", delegator)> - <#if csrfDefenseStrategy != "org.apache.ofbiz.security.NoCsrfDefenseStrategy"> - <meta name="csrf-token" content="<@csrfTokenAjax/>"/> - </#if> - <title><#if title?has_content>${title}<#elseif titleProperty?has_content>${uiLabelMap.get(titleProperty)}</#if> : ${(productStore.storeName)!} </title> diff --git a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml index 30d4efc..40943b9 100644 --- a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml +++ b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml 
@@ -1605,7 +1605,7 @@ under the License. </request-map> <request-map uri="getAssociatedStateList"> - <security https="true" auth="false" csrf-token="false"/> + <security https="true" auth="false"/> <event type="service" invoke="getAssociatedStateList"/> <response name="success" type="request" value="json"/> <response name="error" type="request" value="json"/> |
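Review bot: the revert is mechanical, both hunks restore the lines exactly as they were before d523744 and 11250f2, so the real review point is the message "I forgot that I committed these changes in ecommerce w/o committing in framework": both reverted hunks depend on framework additions (the csrf-token attribute on <security> in the controller schema and the <@csrfTokenAjax/> macro), so when they are re-applied the plugin commits should be pushed after, and reference, the framework commit for OFBIZ-11306 instead of relying on the author remembering the ordering. The revert message should also carry the OFBIZ-11306 reference so the issue history shows why release18.12 temporarily lost these lines.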