Re: Shipping data duplicated

2018-10-08 Thread Rishi Solanki
Thanks Jacques for your reply and Jira ticket. I'll take care of it asap. -- Rishi Solanki Sr Manager, Enterprise Software Development HotWax Systems Pvt. Ltd. Direct: +91-9893287847 http://www.hotwaxsystems.com www.hotwax.co On Mon, Oct 8, 2018 at 2:49 PM jler...@apache.org wrote: > Hi Rishi,

Re: Missing Security Headers in CMS Events

2018-10-08 Thread Jacques Le Roux
+1 Jacques Le 08/10/2018 à 10:23, Deepak Dixit a écrit : In RequestHandler they are added to the renderView method, I think these should move to another place as if the controller uses any other type instead view these headers will not be added to the response. Also we can add a separate meth

Re: Shipping data duplicated

2018-10-08 Thread jler...@apache.org
Hi Rishi, Inline... Le 22/09/2018 à 12:34, Rishi Solanki a écrit : Jacques, Thanks for more insights. IMO, we should rename the files as you suggested and also add some description in the file so that we won't confuse by this in future. And also we should keep the duplicate data as well, becau

[DISCUSSION] How can we make OFBiz more appealing to adopters and (new) contributors?

2018-10-08 Thread Pierre Smits
Over the past two years we started on several paths to make OFBiz better. We started with several refactoring endeavours, we initiated a new way of documenting, etc. But what strategic choices would benefit the project too? - would opening up our repos more to git (GitHub) help us attract more con

Re: Missing Security Headers in CMS Events

2018-10-08 Thread Deepak Nigam
Thank you, all. Here is the Jira ticket for the same. FYI, I have included cache related properties also in the Jira ticket. Thanks & Regards -- Deepak Nigam HotWax Systems Pvt. Ltd. On Mon, Oct 8, 2018 at 1:53 PM Deepak Dixit wrote: > In Req

Re: Missing Security Headers in CMS Events

2018-10-08 Thread Deepak Dixit
In RequestHandler they are added to the renderView method, I think these should move to another place as if the controller uses any other type instead view these headers will not be added to the response. Also we can add a separate method in UtiHttp similar to setResponseBrowserProxyNoCache that w

Re: Missing Security Headers in CMS Events

2018-10-08 Thread jler...@apache.org
Good catch Deepak, A Jira fits Jacques Le 08/10/2018 à 07:02, Deepak Nigam a écrit : Hello All, While rendering the view through the controller request we set the important security headers like x-frame-options, strict-transport-security, x-content-type-options, X-XSS-Protection and Referrer

Re: Missing Security Headers in CMS Events

2018-10-08 Thread jler...@apache.org
They are put in in RequesHandler. There is a "Security header" block Jacques Le 08/10/2018 à 09:17, Taher Alkhateeb a écrit : Hi Deepak, Sounds good. Are these headers applied everywhere except CMS? If no then why not apply them everywhere? On Mon, Oct 8, 2018, 9:03 AM Deepak Nigam wrote:

Re: Missing Security Headers in CMS Events

2018-10-08 Thread Taher Alkhateeb
Hi Deepak, Sounds good. Are these headers applied everywhere except CMS? If no then why not apply them everywhere? On Mon, Oct 8, 2018, 9:03 AM Deepak Nigam wrote: > Hello All, > > While rendering the view through the controller request we set the > important security headers like x-frame-opti