[
https://issues.apache.org/jira/browse/OFBIZ-13231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17956588#comment-17956588
]
ASF subversion and git services commented on OFBIZ-13231:
---------------------------------------------------------
Commit c62443745d0baf3aff28508d28e745e6ddfa830a in ofbiz-framework's branch
refs/heads/release24.09 from Nicolas Malin
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=c62443745d ]
Fixed: Ajax request fail on restful page (OFBIZ-13231) (#889)
A problem was detected with some ajax call did by js script that failed
with error 405 like :
https://demo-next.ofbiz.apache.org/webtools/control/entity/find/SetTimeZoneFromBrowser
Reason :
SetTimeZoneFromBrowser is a request define in common-controller.xml, so
available on all component. In js the call is realized by :
$.ajax({
url: "SetTimeZoneFromBrowser",
type: "POST",
async: false,...
Navigator use the relative url to execute the call. In general
case we have a page like
https://demo-next.ofbiz.apache.org/$component/control/$request , js
script realized their call with
https://demo-next.ofbiz.apache.org/$component/control/$request-js. Like
each request-js are present on common-controller.xml all component that
include it can response.
With rest url, the uri pattern is more complex and the script js
generate a relative call like we have upper :
_https://demo-next.ofbiz.apache.org/webtools/control/entity/find/SetTimeZoneFromBrowse_.
The ControlServlet behind failed to retrieve the correct request and
generate a http error 405
To fix :
We remove all relative js call and create a dedicated webapp for that.
$.ajax({
url: "/common-js/control/SetTimeZoneFromBrowser",
type: "POST",
async: false,...
To pass through the authentification (we implement a new webapp), we
store a jwt token with the current userLogin after the authentification
that will use by common-ext to confirm authentification. This cookie is
available during all the session time.
For security reason, login cookie contains a jwt token generate with le
JWTManager ofbiz class.
> Ajax request fail on restful page
> ---------------------------------
>
> Key: OFBIZ-13231
> URL: https://issues.apache.org/jira/browse/OFBIZ-13231
> Project: OFBiz
> Issue Type: Bug
> Affects Versions: 24.09.01
> Reporter: Nicolas Malin
> Assignee: Nicolas Malin
> Priority: Major
> Labels: js, restful, uri
> Attachments: image-2025-05-05-14-38-46-707.png
>
>
> I detected a problem with some ajax call did by js script that failed with
> error 405 like :
> https://demo-next.ofbiz.apache.org/webtools/control/entity/find/SetTimeZoneFromBrowser
> !image-2025-05-05-14-38-46-707.png!
> *Reason :*
> SetTimeZoneFromBrowser is a request define in common-controller.xml, so
> available on all component. In js the call is realize by :
> [code]
> $.ajax({
> url: "SetTimeZoneFromBrowser",
> type: "POST",
> async: false,...
> [code]
> So the navigator use the relative url to execute the call. In general case we
> have a page like
> _https://demo-next.ofbiz.apache.org/$component/control/$request_ so js script
> realized their call with
> _https://demo-next.ofbiz.apache.org/$component/control/$request-js_ . Like
> each _request-js_ are present on common-controller.xml all component that
> include it can response.
> With rest url, the uri pattern is more complex and the script js that
> generate a relative call like we have upper :
> _https://demo-next.ofbiz.apache.org/webtools/control/entity/find/SetTimeZoneFromBrowse_.
> The ControlServlet behind failed to retrieve the correct request and generate
> a http error 405
> *How to fix :*
> we remove all relative js call and create a dedicate webapp for that.
> [code]
> $.ajax({
> url: "/common-js/control/SetTimeZoneFromBrowser",
> type: "POST",
> async: false,...
> [code]
> To pass through the authentification (we implement a new webapp), we store a
> jwt token with the current userLogin after the authentification that will use
> by common-ext to confirm authentification. This cookie is available during
> all the session time
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
