[ https://issues.apache.org/jira/browse/OFBIZ-4596?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacques Le Roux closed OFBIZ-4596. ---------------------------------- Resolution: Not A Problem Assignee: Jacques Le Roux Please don't use Jira to ask questions. Use rather user ML for such questions: http://cwiki.apache.org/confluence/display/OFBADMIN/Mailing+Lists > URL parameter passed to secure (https) request-map is not allowed for > security reasons > -------------------------------------------------------------------------------------- > > Key: OFBIZ-4596 > URL: https://issues.apache.org/jira/browse/OFBIZ-4596 > Project: OFBiz > Issue Type: Test > Components: product > Environment: windows 7 > Reporter: juning lee > Assignee: Jacques Le Roux > > Hi,everyone~ > I wrote a screen,which is made up of two forms,first one is a search form > looking up a certain supplier,the second one is a list form, it shows all the > products whose supplier is the choosen one,and you can modify the lastPrice > by fill in the text and click the submit button next to it. > It all goes well until I done a modification and tries to page down,an > error occurs and says: > "Found URL parameter [partyId] passed to secure (https) request-map with > uri [updateSupplierProductBySupplier] with an event that calls service > [updateSupplierProduct]; this is not allowed for security reasons! The data > should be encrypted by making it part of the request body (a form field) > instead of the request URL. " > in the controller.xml I wrote this: > <request-map uri="updateSupplierProductBySupplier"> > <security https="true" auth="true"/> > <event type="service" path="" invoke="updateSupplierProduct"/> > <response name="success" type="request-redirect" > value="ListSupplierPriceBySupplier"><redirect-parameter > name="partyId"/></response> <!-- goes back to the last page and passes > partyId to the screen --> > </request-map> > I don't quite understand what to do,so would anyone be so kind to tell me > what should I do to solve this? > Thx in advance~ > lee 2011-11-29 -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira