This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git
commit cf272a9750db86927d6f2692320fe0f4165dd0ff
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Fri Mar 27 14:43:52 2020 +0100
Improved: POC for CSRF Token
(OFBIZ-11306)
There is no need to change it in common-controller because, apart the
ecommerce
application, there are no applications that requires an anonymous flow.
It should be only changed in ecommerce controller.
---
ecommerce/webapp/ecommerce/WEB-INF/controller.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
index 5f7031c..d9047f4 100644
--- a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
+++ b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
@@ -1605,7 +1605,7 @@ under the License.
</request-map>
<request-map uri="getAssociatedStateList">
- <security https="true" auth="false"/>
+ <security https="true" auth="false" csrf-token="false"/>
<event type="service" invoke="getAssociatedStateList"/>
<response name="success" type="request" value="json"/>
<response name="error" type="request" value="json"/>
