From: "David E Jones" <david.jo...@hotwaxmedia.com>
On Apr 28, 2009, at 12:53 AM, Jacques Le Roux wrote:
Also as David pointed out, they should be used only with requests using https
since now they are always secured.
Actually no, I didn't say that, I said: "Along with that, they should require https or not depending on the other requests they
are working with." You can see that quote below. In general if you re-read what I wrote I was recommending against having such
generic requests and using some specific to the set of screens being created.
I understood what you said, but I don't understand why. What are we missing ?
Hans introduced this functionnality at r758522. He wrote
<<5. added 'save-home' and save 'current' in the same pattern as 'save-last'
function in the controler.xml
6. added 'view-home' in the same pattern as 'view-last'>>
I see 'view-home' as a fast-reward (I mean like back to 1st page if you prefer).
Are you afraid that if people use several process (browsers's tabs or windows) they could mix their "home" (1st page) and end in odd
results. Actually this may happen but apart that I don't see any other problems.
Jacques
-David
So they are ok for backend (is there any exceptions in backend where we dont secure URIs ?) but not for eCommerce for instance.
We could have also the pair not secured for these cases, like backHomeS and backLastS for these one and backHome and backLast
for the non secured pair. Then al this could be set in common-controller. Though beware, some links are secured in eCommerce
too, like checking out for instance...
My 2 cts
Jacques
From: "Hans Bakker" <mailingl...@antwebsystems.com>
I was wrong that it was not used, (forgot about it, wrote it myself)
it is currently used in the create contact mechanisms in the party
profile and in the mean time i have put it back with security as jacques
pointed out.
regards,
Hans
On Mon, 2009-04-27 at 19:55 +0200, Malin Nicolas wrote:
Hans Bakker a écrit :
> but do not waste too much time on this, they are not used
anywhere.....
>
I thinks the view-last and view-home is good to manage user screen
process. On many case, we have some user who do a search and operate
some data modification. After operate their modification, they whant
return to the last search result.
Example, you list customer that missing last name, and for each put
missed field. Actualy you need, do the search, select customer, save tel
number, return to search, do the search.
With view-last we can do :
make the search, select customer, save tel number, select customer, save
tel number, ...
I try to implement this with view-last but if we call with request we
have some previous parameters that break the last search, and if we call
with reques-redirect, we lost security.
If you add security on new uri backLast when can do that.
Nicolas
> On Sat, 2009-04-25 at 19:10 -0600, David E Jones wrote:
>
>> Where do these come from?
>>
>> The "view-home" and "view-last" response types should NEVER be
used
>> generically like this and instead should be specific for the
>> particular request flow they are part of. Along with that, they
should
>> require https or not depending on the other requests they are
working
>> with.
>>
>> -David
>>
>>
>> On Apr 25, 2009, at 12:32 PM, Jacques Le Roux wrote:
>>
>>
>>> Is it normal that the backHome and backLast are not securised ?
>>>
>>> <request-map uri="backHome">
>>> <response name="success" type="view-home"/>
>>> </request-map>
>>> <request-map uri="backLast">
>>> <response name="success" type="view-last"/>
>>> </request-map>
>>>
>>> Jacques
>>>
>>>
--
Antwebsystems.com: Quality OFBiz services for competitive rates
