Thanks for the reply David, yes my present work concerns with return
created for the order. I will take the reference from the changes made
earlier to fix this.
-
Deepesh
David E Jones wrote:
Yes, I did expect questions about this, but not so much from
developers...
To fix this the link needs to be changed into a form so that the
parameters are encrypted (more secure from snooping, spoofing, etc).
There has been significant discussion around this point, and changes
made in various places to fix this, so there are quite a few examples.
Is that something you are working on?
-David
On Mar 23, 2009, at 12:37 AM, Deepesh Kapoor wrote:
Hello All,
I am working on latest OFBiz rev. After creating Sales order when i
try to "Quick Ship Entire Order" in order to proceed further and
create Return an Error occurs in ServiceEventHandler.java
Found URL parameter [orderId] passed to secure (https) request-map
with uri [quickShipOrder] with an event that calls service
[quickShipEntireOrder]; this is not allowed for security reasons! The
data should be encrypted by making it part of the request body
instead of the request URL.
There has been a recent commit in ServiceEventHandler.java and David
is expecting questions/comments after this, so here is my bit :-)
Thanks & Regards
- -
Deepesh
