URL parameter passed to secure (https) request-map is not allowed for security
reasons
--------------------------------------------------------------------------------------
Key: OFBIZ-4596
URL: https://issues.apache.org/jira/browse/OFBIZ-4596
Project: OFBiz
Issue Type: Test
Components: product
Environment: windows 7
Reporter: juning lee
Hi,everyone~
I wrote a screen,which is made up of two forms,first one is a search form
looking up a certain supplier,the second one is a list form, it shows all the
products whose supplier is the choosen one,and you can modify the lastPrice by
fill in the text and click the submit button next to it.
It all goes well until I done a modification and tries to page down,an error
occurs and says:
"Found URL parameter [partyId] passed to secure (https) request-map with uri
[updateSupplierProductBySupplier] with an event that calls service
[updateSupplierProduct]; this is not allowed for security reasons! The data
should be encrypted by making it part of the request body (a form field)
instead of the request URL. "
in the controller.xml I wrote this:
<request-map uri="updateSupplierProductBySupplier">
<security https="true" auth="true"/>
<event type="service" path="" invoke="updateSupplierProduct"/>
<response name="success" type="request-redirect"
value="ListSupplierPriceBySupplier"><redirect-parameter
name="partyId"/></response> <!-- goes back to the last page and passes partyId
to the screen -->
</request-map>
I don't quite understand what to do,so would anyone be so kind to tell me
what should I do to solve this?
Thx in advance~
lee 2011-11-29
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
