Author: deepak
Date: Wed Dec 30 17:00:00 2015
New Revision: 1722379
URL: http://svn.apache.org/viewvc?rev=1722379&view=rev
Log: (OFBIZ-6655) Reverted r1719762, as system fails to find the session cookie for ecommerce, will debug it in more detail but for now to fix this issue reverting r1719762.
Modified:
ofbiz/trunk/applications/marketing/src/org/ofbiz/marketing/tracking/TrackingCodeEvents.java
ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppinglist/ShoppingListEvents.java
ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/stats/VisitHandler.java
Modified: ofbiz/trunk/applications/marketing/src/org/ofbiz/marketing/tracking/TrackingCodeEvents.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/marketing/src/org/ofbiz/marketing/tracking/TrackingCodeEvents.java?rev=1722379&r1=1722378&r2=1722379&view=diff
==============================================================================
--- ofbiz/trunk/applications/marketing/src/org/ofbiz/marketing/tracking/TrackingCodeEvents.java (original)
+++ ofbiz/trunk/applications/marketing/src/org/ofbiz/marketing/tracking/TrackingCodeEvents.java Wed Dec 30 17:00:00 2015
@@ -31,14 +31,14 @@ import org.ofbiz.base.util.Debug;
 import org.ofbiz.base.util.UtilDateTime;
 import org.ofbiz.base.util.UtilMisc;
 import org.ofbiz.base.util.UtilValidate;
+import org.ofbiz.webapp.stats.VisitHandler;
+import org.ofbiz.webapp.website.WebSiteWorker;
 import org.ofbiz.entity.Delegator;
 import org.ofbiz.entity.GenericEntityException;
 import org.ofbiz.entity.GenericValue;
 import org.ofbiz.entity.util.EntityQuery;
 import org.ofbiz.entity.util.EntityUtilProperties;
 import org.ofbiz.product.category.CategoryWorker;
-import org.ofbiz.webapp.stats.VisitHandler;
-import org.ofbiz.webapp.website.WebSiteWorker;
 /**
 * Events used for maintaining TrackingCode related information
@@ -228,8 +228,6 @@ public class TrackingCodeEvents {
 if (trackableLifetime.longValue() > 0) trackableCookie.setMaxAge(trackableLifetime.intValue());
 trackableCookie.setPath("/");
 if (cookieDomain.length() > 0) trackableCookie.setDomain(cookieDomain);
- trackableCookie.setSecure(true);
- trackableCookie.setHttpOnly(true);
 response.addCookie(trackableCookie);
 }
@@ -240,8 +238,6 @@ public class TrackingCodeEvents {
 if (billableLifetime.longValue() > 0) billableCookie.setMaxAge(billableLifetime.intValue());
 billableCookie.setPath("/");
 if (cookieDomain.length() > 0) billableCookie.setDomain(cookieDomain);
- billableCookie.setSecure(true);
- billableCookie.setHttpOnly(true);
 response.addCookie(billableCookie);
 }
@@ -268,17 +264,13 @@ public class TrackingCodeEvents {
 siteIdCookie.setMaxAge(siteIdCookieAge);
 siteIdCookie.setPath("/");
 if (cookieDomain.length() > 0) siteIdCookie.setDomain(cookieDomain);
- siteIdCookie.setSecure(true);
- siteIdCookie.setHttpOnly(true);
- response.addCookie(siteIdCookie);
+ response.addCookie(siteIdCookie);
 // if trackingCode.siteId is not null write a trackable cookie with name in the form: Ofbiz.TKCSiteId and timeout will be 60 * 60 * 24 * 365
 Cookie updatedTimeStampCookie = new Cookie("Ofbiz.TKCD.UpdatedTimeStamp" ,UtilDateTime.nowTimestamp().toString());
 updatedTimeStampCookie.setMaxAge(siteIdCookieAge);
 updatedTimeStampCookie.setPath("/");
 if (cookieDomain.length() > 0) updatedTimeStampCookie.setDomain(cookieDomain);
- updatedTimeStampCookie.setSecure(true);
- updatedTimeStampCookie.setHttpOnly(true);
- response.addCookie(updatedTimeStampCookie);
+ response.addCookie(updatedTimeStampCookie);
 }
 }
Modified: ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppinglist/ShoppingListEvents.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppinglist/ShoppingListEvents.java?rev=1722379&r1=1722378&r2=1722379&view=diff
==============================================================================
--- ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppinglist/ShoppingListEvents.java (original)
+++ ofbiz/trunk/applications/order/src/org/ofbiz/order/shoppinglist/ShoppingListEvents.java Wed Dec 30 17:00:00 2015
@@ -669,8 +669,6 @@ public class ShoppingListEvents {
 Cookie guestShoppingListCookie = new Cookie(guestShoppingUserName, autoSaveListId);
 guestShoppingListCookie.setMaxAge(cookieAge);
 guestShoppingListCookie.setPath("/");
- guestShoppingListCookie.setSecure(true);
- guestShoppingListCookie.setHttpOnly(true);
 response.addCookie(guestShoppingListCookie);
 }
 }
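Review bot: The re-added `response.addCookie(siteIdCookie)` and `response.addCookie(updatedTimeStampCookie)` lines in the TrackingCodeEvents hunk at `@@ -268` now emit cookies with neither `Secure` nor `HttpOnly`, and the same pair of setters is dropped in every other cookie hunk of this revert, including the one-year auto-login cookie in LoginWorker (`@@ -763`) and the cookie in LoginEvents (`@@ -430`). The log reports only that the ecommerce session cookie could not be found, which does not obviously implicate `HttpOnly`; the `Secure` attribute on pages served over plain HTTP, or the Set-Cookie rewrite removed from RequestHandler (`@@ -1016`), look like likelier causes, though that is inferred rather than shown here. I would keep `setHttpOnly(true)` on each cookie and make the transport flag follow the request, e.g. `autoLoginCookie.setSecure(request.isSecure());`, so the identity-bearing cookies stay out of reach of page script while the cause is debugged. The enclosing methods start outside these hunks, so whether `request` is in scope at each site needs checking.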
@@ -694,8 +692,6 @@ public class ShoppingListEvents {
 Cookie guestShoppingListCookie = new Cookie(guestShoppingUserName, null);
 guestShoppingListCookie.setMaxAge(0);
 guestShoppingListCookie.setPath("/");
- guestShoppingListCookie.setSecure(true);
- guestShoppingListCookie.setHttpOnly(true);
 response.addCookie(guestShoppingListCookie);
 return "success";
 }
Modified: ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java?rev=1722379&r1=1722378&r2=1722379&view=diff
==============================================================================
--- ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java (original)
+++ ofbiz/trunk/applications/securityext/src/org/ofbiz/securityext/login/LoginEvents.java Wed Dec 30 17:00:00 2015
@@ -430,8 +430,6 @@ public class LoginEvents {
 cookie.setMaxAge(60 * 60 * 24 * 365);
 cookie.setPath("/");
 cookie.setDomain(domain);
- cookie.setSecure(true);
- cookie.setHttpOnly(true);
 response.addCookie(cookie);
 }
 }
Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java?rev=1722379&r1=1722378&r2=1722379&view=diff
==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java Wed Dec 30 17:00:00 2015
@@ -763,8 +763,6 @@ public class LoginWorker {
 autoLoginCookie.setMaxAge(60 * 60 * 24 * 365);
 autoLoginCookie.setDomain(domain);
 autoLoginCookie.setPath("/");
- autoLoginCookie.setSecure(true);
- autoLoginCookie.setHttpOnly(true);
 response.addCookie(autoLoginCookie);
 return autoLoginCheck(delegator, session, userLogin.getString("userLoginId"));
 } else {
@@ -835,8 +833,6 @@ public class LoginWorker {
 Cookie autoLoginCookie = new Cookie(getAutoLoginCookieName(request), userLogin.getString("userLoginId"));
 autoLoginCookie.setMaxAge(0);
 autoLoginCookie.setPath("/");
- autoLoginCookie.setSecure(true);
- autoLoginCookie.setHttpOnly(true);
 response.addCookie(autoLoginCookie);
 }
 // remove the session attributes
Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java?rev=1722379&r1=1722378&r2=1722379&view=diff
==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/RequestHandler.java Wed Dec 30 17:00:00 2015
@@ -1000,7 +1000,7 @@ public class RequestHandler {
 resp.addHeader("strict-transport-security", strictTransportSecurity);
 }
 } else {
- if (EntityUtilProperties.getPropertyAsBoolean("requestHandler", "strict-transport-security", true)) {
+ if (EntityUtilProperties.getPropertyAsBoolean("requestHandler", "strict-transport-security", true)) { // FIXME later pass req.getAttribute("delegator") as last argument
 resp.addHeader("strict-transport-security", "max-age=31536000; includeSubDomains");
 }
 }
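Review bot: The `+ if (EntityUtilProperties.getPropertyAsBoolean("requestHandler", "strict-transport-security", true)) {` line in the RequestHandler hunk at `@@ -1000` brings back a trailing FIXME on an already long line with no issue reference, so the open work is easy to lose. I would move it onto its own line above the `if` and tie it to a ticket, e.g. `// FIXME(<issue id>): pass the request's delegator as the last argument of this property lookup`. Since this commit also drops `Secure` from every cookie, this header is presumably the remaining control that keeps those cookies on HTTPS for returning browsers, which makes it worth confirming the lookup reads the intended configuration. The enclosing method starts and ends outside the hunk.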
@@ -1016,17 +1016,6 @@ public class RequestHandler {
 // https://wiki.mozilla.org/Security/Features/XSS_Filter
 // https://bugzilla.mozilla.org/show_bug.cgi?id=528661
 resp.addHeader("X-XSS-Protection","1; mode=block");
-
- String setCookie = resp.getHeader("set-cookie");
- if (UtilValidate.isNotEmpty(setCookie)) {
- setCookie = setCookie.toLowerCase();
- if (!setCookie.contains("secure")) {
- resp.setHeader("set-cookie", setCookie + "; secure;"); // Adds a ";" trail to be sure to separate things
- }
- if (!setCookie.contains("httponly")) {
- resp.setHeader("set-cookie", setCookie + "; httponly;"); // Adds a ";" trail to be sure to separate things
- }
- }
 try {
 if (Debug.verboseOn()) Debug.logVerbose("Rendering view [" + nextPage + "] of type [" + viewMap.type + "]", module);
Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/stats/VisitHandler.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/stats/VisitHandler.java?rev=1722379&r1=1722378&r2=1722379&view=diff
==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/stats/VisitHandler.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/stats/VisitHandler.java Wed Dec 30 17:00:00 2015
@@ -271,8 +271,6 @@ public class VisitHandler {
 Cookie visitorCookie = new Cookie(visitorCookieName, visitor.getString("visitorId"));
 visitorCookie.setMaxAge(60 * 60 * 24 * 365);
 visitorCookie.setPath("/");
- visitorCookie.setSecure(true);
- visitorCookie.setHttpOnly(true);
 response.addCookie(visitorCookie);
 }
 }
|