[ https://issues.apache.org/jira/browse/OFBIZ-11349?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jacques Le Roux updated OFBIZ-11349: ------------------------------------ Summary: The "stream" request-map in ecommerce and commonext controllers require authentication (was: Put back the "stream" request-map in ecommerce controller) > The "stream" request-map in ecommerce and commonext controllers require > authentication > -------------------------------------------------------------------------------------- > > Key: OFBIZ-11349 > URL: https://issues.apache.org/jira/browse/OFBIZ-11349 > Project: OFBiz > Issue Type: Bug > Components: ecommerce > Affects Versions: Trunk, Release Branch 17.12, Release Branch 18.12 > Reporter: Jacques Le Roux > Priority: Major > > For security reason, the "stream" request-map > # in ecommerce controller have been temporarily commented out. > # in commonext controller has been changed to require authentication. > We will need to > # put back the functionnalities allowed by the "stream" request-map in > ecommerce . > # later check that mandatory authentication in commonext controller no impact. > *Eventually it turned out that we simply needed to require authentication in > both cases (back and front ends). Because in ecommerce/ecomseo webapps the > stream request is only used to post images in blog entries an you need to be > logged in to do so.* -- This message was sent by Atlassian Jira (v8.3.4#803005)