This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch release18.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git
commit d52374422ebab680461d50a9f1d8dd81611bdaef Author: Jacques Le Roux <[email protected]> AuthorDate: Fri Mar 27 14:43:52 2020 +0100 Improved: POC for CSRF Token (OFBIZ-11306) There is no need to change it in common-controller because, apart the ecommerce application, there are no applications that requires an anonymous flow. It should be only changed in ecommerce controller. --- ecommerce/webapp/ecommerce/WEB-INF/controller.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml index 40943b9..30d4efc 100644 --- a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml +++ b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml @@ -1605,7 +1605,7 @@ under the License. </request-map> <request-map uri="getAssociatedStateList"> - <security https="true" auth="false"/> + <security https="true" auth="false" csrf-token="false"/> <event type="service" invoke="getAssociatedStateList"/> <response name="success" type="request" value="json"/> <response name="error" type="request" value="json"/>
