This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git
The following commit(s) were added to refs/heads/trunk by this push:
new 40143e6 Fixed: CLONE - Use only HTTPS in OFBiz
40143e6 is described below
commit 40143e6dbab11ba37e43fe4d401488a3483ef6b5
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Mon May 4 13:10:29 2020 +0200
Fixed: CLONE - Use only HTTPS in OFBiz
(OFBIZ-11643)
When doing OFBIZ-6849 I forgot to take care of the https attribute of the
security element used in controllers.
It's not used anymore since we used HTTPS everywhere but in request listed
in
http.request-map.list property of url.properties. It's even enforced by
HSTS for
requests that are not listed in this property.
This removes the https attribute and removes its usage in in controllers.
---
ecommerce/webapp/ecommerce/WEB-INF/controller.xml | 2 --
1 file changed, 2 deletions(-)
diff --git a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
index d9047f4..9148465 100644
--- a/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
+++ b/ecommerce/webapp/ecommerce/WEB-INF/controller.xml
@@ -777,7 +777,6 @@ under the License.
<response name="error" type="view" value="checkoutreview"/>
</request-map>
<request-map uri="worldPayNotify">
- <security https="false"/>
<event type="java"
path="org.apache.ofbiz.accounting.thirdparty.worldpay.WorldPayEvents"
invoke="worldPayNotify"/>
<response name="success" type="none"/>
<response name="error" type="view" value="checkoutreview"/>
@@ -790,7 +789,6 @@ under the License.
<response name="error" type="view" value="checkoutreview"/>
</request-map>
<request-map uri="payPalNotify">
- <security https="false"/>
<event type="java"
path="org.apache.ofbiz.accounting.thirdparty.paypal.PayPalEvents"
invoke="payPalIPN"/>
<response name="success" type="none"/>
<response name="error" type="none"/>
