On Mar 26, 2009, at 12:58 PM, Bruno Busco wrote:
Hi, when trying to select a different theme in the backoffice I get this. The Following Errors Occurred: Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [userPrefTypeId] passed to secure (https) request-map with uri [setUserPreference] with an event that calls service [setUserPreference]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body instead of the request URL. I know it is related to the recent secure url parameters passing change but I do not know the new system enough to fix it.
The fix is easy, as has been discussed a bit, just change the link into a hidden form that is submitted with a link.
For some examples of this done in FTL files checkout my recent commits in the orderpaymentinfo.ftl file, like SVN rev 758512.
-David
