Like adding a billing/shipping address during anon checkout, new customer registration, etc.

Thanks & Regards
--
Deepak Dixit
ofbiz.apache.org

On Mon, Mar 16, 2020 at 1:14 PM Jacques Le Roux <jacques.le.r...@les7arts.com> wrote:

> Hi Deepak,
>
> Yes, I wondered about that too, but in which case/s do you think
> getAssociatedStateList can be requested w/o being authenticated?
>
> Thanks
>
> Jacques
> On 16/03/2020 at 06:49, Deepak Dixit wrote:
>
> Hi Jacques,
>
> I think we can't make auth true for getAssociatedStateList, this will
> break the anon checkout flow.
>
> Thanks & Regards
> --
> Deepak Dixit
> ofbiz.apache.org
>
>
> On Sat, Mar 14, 2020 at 1:19 PM <jler...@apache.org> wrote:
>
>> This is an automated email from the ASF dual-hosted git repository.
>>
>> jleroux pushed a commit to branch trunk
>> in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git
>>
>>
>> The following commit(s) were added to refs/heads/trunk by this push:
>> new e72e134 Improved: "auth" should be true for all the request url
>> used for Application components
>> e72e134 is described below
>>
>> commit e72e1348c13f892cfbd3ffdb78f536c4e4aa6b68
>> Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
>> AuthorDate: Sat Mar 14 08:49:54 2020 +0100
>>
>> Improved: "auth" should be true for all the request url used for
>> Application
>> components
>>
>> (OFBIZ-4956)
>>
>> Currently there are some URLs present in application components with
>> auth="false". So anyone can hit these URLs and access these resources
>> without
>> authorization.
>>
>> I think all the URLs should be secure with auth="true"
>>
>> Thanks: Amardeep Singh Jhajj for report and initial fix
>> ---
>> ecommerce/webapp/ecommerce/WEB-INF/controller.xml | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml >> b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml >> index 5f7031c..27a0383 100644 >> --- a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml >> +++ b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
>> @@ -1605,7 +1605,7 @@ under the License. >> </request-map> >> >> <request-map uri="getAssociatedStateList"> >> - <security https="true" auth="false"/> >> + <security https="true" auth="true"/> >> <event type="service" invoke="getAssociatedStateList"/> >> <response name="success" type="request" value="json"/> >> <response name="error" type="request" value="json"/> >> >>
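Review bot: on the `<security https="true" auth="false"/>` line of the `getAssociatedStateList` request-map, switching `auth` to `true` is not justified for this particular request. The commit message argues for all application URLs at once, and nothing in the hunk shows that every caller of this JSON lookup in the ecommerce controller has a logged-in session. The replies in this thread name anonymous checkout and new customer registration as callers, both of which run before login. I would keep `auth="false"` on this one request-map and add an XML comment above it saying the request is intentionally public and why. If the request does need to be closed, the commit should say which storefront screens call it and how they get the state list without a session.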