This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch release18.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git
commit a64dea4ffe38c70849a457aa755a496ef0a21b5e Author: Jacques Le Roux <[email protected]> AuthorDate: Mon Apr 27 18:30:03 2020 +0200 Reverted: Revert "Adds the meta CSRF token for Ajax" This reverts commit 11250f22d8dac1df399f04918ba90f89acfa8c6b. Revert "Improved: POC for CSRF Token" This reverts commit d52374422ebab680461d50a9f1d8dd81611bdaef. I forgot that I committed these changes in ecommerce w/o committing in framework --- ecommerce/template/includes/HeaderHead.ftl | 5 ----- ecommerce/webapp/ecommerce/WEB-INF/controller.xml | 2 +- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/ecommerce/template/includes/HeaderHead.ftl b/ecommerce/template/includes/HeaderHead.ftl index 96da9d5..7400674 100644 --- a/ecommerce/template/includes/HeaderHead.ftl +++ b/ecommerce/template/includes/HeaderHead.ftl @@ -25,11 +25,6 @@ under the License. <head> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> - <#assign csrfDefenseStrategy = Static["org.apache.ofbiz.entity.util.EntityUtilProperties"].getPropertyValue("security", "csrf.defense.strategy", delegator)> - <#if csrfDefenseStrategy != "org.apache.ofbiz.security.NoCsrfDefenseStrategy"> - <meta name="csrf-token" content="<@csrfTokenAjax/>"/> - </#if> - <title><#if title?has_content>${title}<#elseif titleProperty?has_content>${uiLabelMap.get(titleProperty)}</#if> : ${(productStore.storeName)!} </title> diff --git a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml index 30d4efc..40943b9 100644 --- a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml +++ b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml 
@@ -1605,7 +1605,7 @@ under the License. </request-map> <request-map uri="getAssociatedStateList"> - <security https="true" auth="false" csrf-token="false"/> + <security https="true" auth="false"/> <event type="service" invoke="getAssociatedStateList"/> <response name="success" type="request" value="json"/> <response name="error" type="request" value="json"/>
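Review bot: The new `<security https="true" auth="false"/>` on the `getAssociatedStateList` request-map no longer records how this unauthenticated JSON request should be treated by CSRF checking. Nothing in the file says the attribute was dropped only because the framework side is missing on this branch, as the commit message explains. I would add a comment above the element, e.g. `<!-- csrf-token="false" removed: framework CSRF support is not on release18.12; restore together with the csrf-token meta tag in HeaderHead.ftl -->`. If only one of the two pieces is reinstated later, Ajax calls to this uri would presumably either carry no token or be rejected. The request-map's closing tag lies outside the hunk, so any further attributes or responses on it are not visible here.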

