In fact, David answered this question when it was brought up the last time.
-Adrian
David E Jones wrote:
On Mar 26, 2009, at 12:58 PM, Bruno Busco wrote:
Hi,
when trying to select a different theme in the backoffice I get this.
The Following Errors Occurred:
Error calling event: org.ofbiz.webapp.event.EventHandlerException:
Found URL parameter [userPrefTypeId] passed to secure (https)
request-map with uri [setUserPreference] with an event that calls
service [setUserPreference]; this is not allowed for security reasons!
The data should be encrypted by making it part of the request body
instead of the request URL.
I know it is related to the recent secure url parameters passing
change but I do not know the new system enough to fix it.
The fix is easy, as has been discussed a bit, just change the link into
a hidden form that is submitted with a link.
For some examples of this done in FTL files checkout my recent commits
in the orderpaymentinfo.ftl file, like SVN rev 758512.
-David
