Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-2330 Main task for securing URLs in Freemarker templates files
  3. OFBIZ-7306

Delete Customer Tax Auth Info link is not working - Security Error

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Closed
    • Major
    • Resolution: Duplicate
    • Release Branch 13.07, Release Branch 14.12, Release Branch 15.12, Trunk
    • None
    • ecommerce
    • None
    • Bug Crush Event - 21/2/2015

    Description

      Steps to reproduce:
      1) Go to eCommerce
      2) Click on profile tab
      3) Add customer tax auth info from "Tax Identification and Exemption" section.
      4) Click on delete icon.

      Getting following security error:

      Error calling event: org.ofbiz.webapp.event.EventHandlerException: Found URL parameter [partyId] passed to secure (https) request-map with uri [deleteCustomerTaxAuthInfo] with an event that calls service [deletePartyTaxAuthInfo]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL.

      Attachments

        Issue Links

          is duplicated by

          Sub-task - The sub-task of the issue OFBIZ-4106 deleteCustomerTaxAuthInfo page called from /ecommerce/control/viewprofile

          • Major - Major loss of function.
          • Closed

          Activity

            People

              pandeypranay Pranay Pandey
              rehan.khan Mohammed Rehan Khan
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: