This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release24.09
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release24.09 by this push:
new 2b873ab020 Implemented: Move ofbizdocker user from current VM to a new
one that uses Ubuntu 24.04 LTS (OFBIZ-13351)
2b873ab020 is described below
commit 2b873ab0208abac37b349971bd17d52f3c1451ae
Author: Jacques Le Roux <[email protected]>
AuthorDate: Thu Feb 5 20:15:03 2026 +0100
Implemented: Move ofbizdocker user from current VM to a new one that uses
Ubuntu 24.04 LTS (OFBIZ-13351)
Currently we get this:
org.apache.ofbiz.webapp.control.RequestHandlerException:
Domain demo-trunk.ofbiz-test.apache.org not accepted to prevent host header
injection. You need to set host-headers-allowed property in
security.properties file.
This should fix it
---
framework/security/config/security.properties | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework/security/config/security.properties
b/framework/security/config/security.properties
index ed54eb65cb..4a4e7bfdcb 100644
--- a/framework/security/config/security.properties
+++ b/framework/security/config/security.properties
@@ -160,7 +160,7 @@
security.token.key=%D*G-JaNdRgUkXp2s5v8y/B?E(H+MbPeShVmYq3t6w9z$C&F)J@NcRfTjWnZr
# -- List of domains or IP addresses to be checked to prevent Host Header
Injection,
# -- no spaces after commas,no wildcard, can be extended of course...
-host-headers-allowed=localhost,127.0.0.1,demo-trunk.ofbiz.apache.org,demo-stable.ofbiz.apache.org,demo-next.ofbiz.apache.org
+host-headers-allowed=localhost,127.0.0.1,demo-trunk.ofbiz.apache.org,demo-stable.ofbiz.apache.org,demo-next.ofbiz.apache.org,demo-trunk.ofbiz-test.apache.org,demo-stable-test.ofbiz.apache.org,demo-next.ofbiz-test.apache.org
# -- By default the SameSite value in SameSiteFilter is 'strict'.
# -- This property allows to change to 'lax' if needed.
