Hi all,

Thanks to Jacques, Taher and Nicolas for mentioning our community rule, "a proper 
discussion".

I created an issue "Add method attribute to request-map to controll a uri can 
be called GET or POST only" a week ago:
https://issues.apache.org/jira/browse/OFBIZ-10438

Thanks to Mathieu, who submitted his patches very quickly while I was preparing 
mine. I tested them and submitted them to trunk. Please be aware, the latest 
versions are r1834465 and r1834570, and the implementation requires JDK 1.8.

Is the implementation acceptable for trunk? Any further improvements to do? Would we 
backport it to releases?

If it's not acceptable, I'll revert the implementation.

Kind Regards,

Shi Jinghai


-----Original Message-----
From: Paul Foxworthy [mailto:p...@cohsoft.com.au] 
Sent: June 26, 2018 19:31
To: dev@ofbiz.apache.org
Subject: Re: svn commit: r1834389 - in /ofbiz/ofbiz-framework/trunk/framework: 
base/src/main/java/org/apache/ofbiz/base/util/collections/ webapp/config/ 
webapp/dtd/ webapp/src/main/java/org/apache/ofbiz/webapp/control/ 
webapp/src/test/java/org/apache/ofbiz/weba...

On 26 June 2018 at 17:58, Taher Alkhateeb <slidingfilame...@gmail.com>
wrote:

> I could be mistaken, but this seems like a very major change that did
> not have a thorough and proper discussion at the mailing list? I would
> rather at least have an explanation of what was committed and to
> discuss the merits and cons of the implementation.
>

Hi all,

I haven't found the specific issue, but wasn't there a major change several
years ago from GET to POST to help guard against XSS attacks?

Cheers

Paul Foxworthy

-- 
Coherent Software Australia Pty Ltd
PO Box 2773
Cheltenham Vic 3192
Australia

Phone: +61 3 9585 6788
Web: http://www.coherentsoftware.com.au/
Email: i...@coherentsoftware.com.au
