Angelo,
This issue should be addressed in SVN rev 763855. Please read the
commit log as deploying in this way is not recommended as it opens a
security hole.
Also, as a general recommendation for future reference so that your
feedback and requests are better received: if you find an issue report
it in as much detail as possible (including steps to reproduce, what
you expected to happen, and what actually happened including EXACT
error message quotes, along with whatever you find about it), and do
so by creating an issue in Jira. That way you won't have to send the
same complaint over and over, and we won't have to guess about what
you're seeing and what is happening.
Anyway, thanks for reporting this and I hope your experience is
overall good with OFBiz!
-David
On Apr 9, 2009, at 2:33 AM, Angelo Matarazzo wrote:
Hi Jacques,
I understood the problem.
I have looked at RequestHandler.java line 184.
At line 179 there is if (!request.isSecure() &&
requestMap.securityHttps).
Now with "http://localhost:8080" request.isSecure() is "false" but
requestMap.securityHttps depends on ConfigXMLReader.java at line 384
'this.securityHttps =
"true".equals(securityElement.getAttribute("https"));'
In your opinion is it good idea change ConfigXMLReader.java in this
way?
- if (securityElement != null) {
- this.securityHttps =
"true".equals(securityElement.getAttribute("https"));
+boolean useHttpsDefault =
UtilProperties.propertyValueEqualsIgnoreCase("url.properties",
"port.https.enabled", "Y");
+if (securityElement != null) {
+ if (useHttpsDefault))
this.securityHttps =
"true".equals(securityElement.getAttribute("https"));
+
+ else {
+ this.securityHttps = false;
+ }
Thanks,
Angelo
jacques.le.roux wrote:
After the changes recently introduced. The campaign to secure URLs
for
link, hyperlink and sub-hyperlink is now finished.
Please report any related errors you may cross
Thanks
Jacques
--
View this message in context:
http://www.nabble.com/Secure-URLs-end-for-link%2C-hyperlink-and-sub-hyperlink-tp22894715p22966638.html
Sent from the OFBiz - User mailing list archive at Nabble.com.