Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0036494Openbravo ERPA. Platformpublic2017-07-14 12:112017-09-21 16:49
Reportermaite 
Assigned Toalostale 
PriorityurgentSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target VersionFixed in Version3.0PR17Q4 
Merge Request Status
Review Assigned Tocaristu
OBNetwork customerOBPS
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0036494: dojo GET requests have incorrect Content-Type header
DescriptionGrid structure for 2.50 selectors is obtained by a GET request executed from dojo. This request, has a 'Content-Type: application/x-www-form-urlencoded' header, this header is not correct for GET as it is not sending a form [1].

A Web Application Firewall can reject requests with these settings.

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type [^]
Steps To Reproduce0. Access Pending Goods Receipt window and open Business Partner selector
1. In developers tools, copy as curl request for info/BusinessPartner.html?Command=STRUCTURE
  -> Check it includes -H 'Content-Type: application/x-www-form-urlencoded' which is incorrect
Proposed SolutionPatch dojo library not to include Content-Type for GET requests
Additional Information
TagsNo tags attached.
Relationships
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2017-07-14 12:11maiteNew Issue
2017-07-14 12:11maiteAssigned To => platform
2017-07-14 12:11maiteOBNetwork customer => Yes
2017-07-14 12:11maiteModules => Core
2017-07-14 12:11maiteResolution time => 1501797600
2017-07-14 12:11maiteTriggers an Emergency Pack => No
2017-07-14 12:11maiteIssue Monitored: networkb
2017-07-14 12:47alostaleDescription Updatedbug_revision_view_page.php?rev_id=15517#r15517
2017-07-14 12:47alostaleSteps to Reproduce Updatedbug_revision_view_page.php?rev_id=15519#r15519
2017-07-14 12:47alostaleProposed Solution updated
2017-07-14 12:47alostaleAssigned Toplatform => alostale
2017-07-14 12:48alostaleSummaryGET requests are being blocked by Web Application Firewall due to old dojo library => dojo GET requests have incorrect Content-Type header
2017-07-14 12:48alostaleReview Assigned To => caristu
2017-07-17 08:19hgbotCheckin
2017-07-17 08:19hgbotNote Added: 0098087
2017-07-17 08:19hgbotStatusnew => resolved
2017-07-17 08:19hgbotResolutionopen => fixed
2017-07-17 08:19hgbotFixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/022400f75d09ff3dc649a969fefc35c6136e61ed [^]
2017-07-17 08:19hgbotCheckin
2017-07-17 08:19hgbotNote Added: 0098089
2017-07-19 12:37caristuNote Added: 0098132
2017-07-19 12:37caristuStatusresolved => closed
2017-07-19 12:37caristuFixed in Version => 3.0PR17Q4
2017-09-21 16:49hudsonbotCheckin
2017-09-21 16:49hudsonbotNote Added: 0099273
2017-09-21 16:49hudsonbotCheckin
2017-09-21 16:49hudsonbotNote Added: 0099275

Notes
(0098087)
hgbot   
2017-07-17 08:19   
Repository: erp/devel/pi
Changeset: 022400f75d09ff3dc649a969fefc35c6136e61ed
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Fri Jul 14 12:54:19 2017 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/022400f75d09ff3dc649a969fefc35c6136e61ed [^]

fixed bug 36494: dojo GET requests have incorrect Content-Type header

  GET requests shouldn't include Content-Type header, which was the case for dojo
  grid requests.

  Patched dojo to prevent it.

---
M src/org/openbravo/erpCommon/security/Login.html
M web/js/dojotoolkit/dojo/_base/xhr.js
M web/js/dojotoolkit/dojo/dojo.js
M web/js/utils.js
---
(0098089)
hgbot   
2017-07-17 08:19   
Repository: erp/devel/pi
Changeset: ec7a1e4535e30c71cd08430adfaecff921df61c6
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Fri Jul 14 14:42:14 2017 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/ec7a1e4535e30c71cd08430adfaecff921df61c6 [^]

related to bug 36494: patch also dojo.js.uncompressed.js

---
M web/js/dojotoolkit/dojo/dojo.js.uncompressed.js
---
(0098132)
caristu   
2017-07-19 12:37   
Code reviewed + tested OK: the 'Content-Type' is not included in the GET requests launched by dojo.
(0099273)
hudsonbot   
2017-09-21 16:49   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/9750b78d3e5c [^]
Maturity status: Test
(0099275)
hudsonbot   
2017-09-21 16:49   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/9750b78d3e5c [^]
Maturity status: Test