svn commit: r1763878 - /ofbiz/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/event/ServiceEventHandler.java

Sat, 08 Oct 2016 02:11:43 -0700 

Author: jleroux
Date: Sat Oct  8 09:11:26 2016
New Revision: 1763878

URL: http://svn.apache.org/viewvc?rev=1763878&view=rev
Log:
No functional change: makes a comment easier to read

Modified:
    
ofbiz/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/event/ServiceEventHandler.java

Modified: 
ofbiz/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/event/ServiceEventHandler.java
URL: 
http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/event/ServiceEventHandler.java?rev=1763878&r1=1763877&r2=1763878&view=diff
==============================================================================
--- 
ofbiz/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/event/ServiceEventHandler.java
 (original)
+++ 
ofbiz/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/event/ServiceEventHandler.java
 Sat Oct  8 09:11:26 2016
@@ -397,7 +397,8 @@ public class ServiceEventHandler impleme
 
     public static void checkSecureParameter(RequestMap requestMap, Set<String> 
urlOnlyParameterNames, String name, HttpSession session, String serviceName, 
Delegator delegator) throws EventHandlerException {
         // special case for security: if this is a request-map defined as 
secure in controller.xml then only accept body parameters coming in, ie don't 
allow the insecure URL parameters
-        // NOTE: the RequestHandler will check the HttpSerletRequest security 
to make sure it is secure if the request-map -> security -> https=true, but we 
can't just look at the request.isSecure() method here because it is allowed to 
send secure requests for request-map with https=false
+        // NOTE: the RequestHandler will check the HttpSerletRequest security 
to make sure it is secure if the request-map -> security -> https=true, 
+        // but we can't just look at the request.isSecure() method here 
because it is allowed to send secure requests for request-map with https=false
         if (requestMap != null && requestMap.securityHttps) {
             if (urlOnlyParameterNames.contains(name)) {
                 String errMsg = "Found URL parameter [" + name + "] passed to 
secure (https) request-map with uri ["

Reply via email to