View Issue Details
ID | 0035548
Type | defect
Category | [Openbravo ERP] A. Platform
Severity | major
Reproducibility | have not tried
Date Submitted | 2017-03-17 08:36
Last Update | 2017-03-20 23:12
Reporter | mtaal
View Status | public
Assigned To | mtaal
Priority | normal
Resolution | fixed
Fixed in Version |
Status | closed
Fix in branch |
Fixed in SCM revision | fa58c10eca84
Projection | none
ETA | none
Target Version | 3.0PR17Q2
OS | Any
Database | Any
Java version |
OS Version |
Database version |
Ant version |
Product Version |
SCM revision |
Merge Request Status |
Review Assigned To | AugustoMauch
OBNetwork customer | OBPS
Web browser |
Modules | Core
Support ticket |
Regression level |
Regression date |
Regression introduced in release |
Regression introduced by commit |
Triggers an Emergency Pack | No
Summary | 0035548: Cross domain checks is also executed/logged when the origin of the webpos main page and the separate xhr request are the same
Description | The assumption when creating the cross domain logic was that the origin was only set by the browser when the original page and the xhr have different origins. This proved to be false: the origin header is always included.

This results in cross domain errors in the log if there are mobile server definitions and the multi-server preference is set to N. This results in the browser/webpos not having a list of servers and requesting all the data from the server it was loaded from. Still, the cross domain check on the server uses the mobile server definitions to check the cross domain request.

This issue only occurs when:
- mobile core is included, and
- one or more mobile server definitions are created.

It shows by messages in the log [2]. WebPOS functions properly, but there are still messages in the log.

[1] http://wiki.openbravo.com/wiki/How_to_Setup_MultiServer_Dev_Environment#Understanding_CORS

[2]
223347 [http-bio-9080-exec-7] ERROR org.openbravo.mobile.core.authenticate.MobileAllowedCrossDomainsChecker - Origin http://localhost:9080 is not allowed, request information: http://localhost:9080/openbravo/org.openbravo.retail.posterminal/POSLoginHandler-null
231650 [http-bio-9080-exec-7] ERROR org.openbravo.mobile.core.authenticate.MobileAllowedCrossDomainsChecker - Origin http://localhost:9080 is not allowed, request information: http://localhost:9080/openbravo/org.openbravo.retail.posterminal/POSLoginHandler-null
Steps To Reproduce |
- Create mobile server definitions
- Set the urls of the mobile server to something non-existing
- Set multi-server pref to N (not needed but is from the customer case)
- Access webpos using localhost
- See messages in the log
Proposed Solution | Check if the origin of the request is present in the request url. If so then the request is allowed and cross domain headers do not need to be set either. Code changes can be done in the AllowedCrossDomainsHandler.

[1] https://code.openbravo.com/erp/devel/pi/file/05c62ceaa5a6/src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java#l63
Tags | No tags attached.
Attached Files |
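
A sketch of the check proposed above, as an added Java example that is not the code of Openbravo's AllowedCrossDomainsHandler. It compares scheme, host and effective port after parsing, which is stricter than the host/port wording in the changeset note. The class, enum and method names and the `store1.example.invalid` server are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

// Added illustration: class, enum and method names are hypothetical, not Openbravo's.
public class SameOriginCheckExample {
  enum Decision { SKIP_CHECK, ALLOWED, REJECTED }

  // Reduces a URL or Origin value to "scheme://host:port"; null if it cannot be parsed.
  static String originOf(String value) {
    try {
      URI uri = new URI(value);
      if (uri.getScheme() == null || uri.getHost() == null) {
        return null; // covers the literal "null" origin and relative values
      }
      String scheme = uri.getScheme().toLowerCase(Locale.ROOT);
      int port = uri.getPort();
      if (port == -1) { // no explicit port: fall back to the scheme default
        port = scheme.equals("https") ? 443 : scheme.equals("http") ? 80 : -1;
      }
      return scheme + "://" + uri.getHost().toLowerCase(Locale.ROOT) + ":" + port;
    } catch (URISyntaxException e) {
      return null;
    }
  }

  static Decision decide(String requestUrl, String originHeader, Set<String> allowedOrigins) {
    if (originHeader == null) {
      return Decision.SKIP_CHECK; // no Origin header: not a cross-domain request
    }
    String origin = originOf(originHeader);
    if (origin != null && origin.equals(originOf(requestUrl))) {
      return Decision.SKIP_CHECK; // same origin: no allow-list lookup, no CORS headers
    }
    return origin != null && allowedOrigins.contains(origin) ? Decision.ALLOWED : Decision.REJECTED;
  }

  public static void main(String[] args) {
    // Request URL and first Origin value follow the log lines above; the rest is constructed.
    String url = "http://localhost:9080/openbravo/org.openbravo.retail.posterminal/POSLoginHandler";
    Set<String> allowed = Set.of(originOf("https://store1.example.invalid/openbravo"));
    System.out.println(decide(url, "http://localhost:9080", allowed)); // page and xhr share an origin
    System.out.println(decide(url, "https://store1.example.invalid", allowed)); // defined server
    // Different port: a plain "URL contains origin" string test would treat this as same origin.
    System.out.println(decide(url, "http://localhost:908", allowed));
    System.out.println(decide(url, "null", allowed)); // opaque origin, never on the allow list
  }
}
```

Behind a reverse proxy the URL the servlet sees can differ from the one the browser used, so the comparison has to be made against the externally visible scheme, host and port.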
(0095389) hgbot (developer) 2017-03-19 10:18
Repository: erp/devel/pi
Changeset: fa58c10eca84fdfb956ab161e64a9fbc21d93239
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Sun Mar 19 10:18:20 2017 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/fa58c10eca84fdfb956ab161e64a9fbc21d93239

Fixes issue 35548: Cross domain checks is also executed/logged when the origin

Do not check cross domain or add cors headers if the request url and origin share the same host/port.

---
M src/org/openbravo/base/secureApp/AllowedCrossDomainsHandler.java
---

(0095414) AugustoMauch (administrator) 2017-03-20 10:08
Code reviewed and verified

(0095449) hudsonbot (viewer) 2017-03-20 23:12
A changeset related to this issue has been promoted to main and to the Central Repository, after passing a series of tests.
Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/ba27e12a1e16
Maturity status: Test

Date Modified | Username | Field | Change |
2017-03-17 08:36 | mtaal | New Issue | |
2017-03-17 08:36 | mtaal | Assigned To | => mtaal |
2017-03-17 08:36 | mtaal | OBNetwork customer | => No |
2017-03-17 08:36 | mtaal | Modules | => Core |
2017-03-17 08:36 | mtaal | Triggers an Emergency Pack | => No |
2017-03-17 08:46 | mtaal | Relationship added | related to 0035549 |
2017-03-17 10:10 | shuehner | OBNetwork customer | No => Yes |
2017-03-17 10:10 | shuehner | Resolution time | => 1491516000 |
2017-03-17 10:14 | shuehner | Issue Monitored: shuehner | |
2017-03-19 10:17 | mtaal | Review Assigned To | => AugustoMauch |
2017-03-19 10:18 | hgbot | Checkin | |
2017-03-19 10:18 | hgbot | Note Added: 0095389 | |
2017-03-19 10:18 | hgbot | Status | new => resolved |
2017-03-19 10:18 | hgbot | Resolution | open => fixed |
2017-03-19 10:18 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/fa58c10eca84fdfb956ab161e64a9fbc21d93239 |
2017-03-20 10:08 | AugustoMauch | Note Added: 0095414 | |
2017-03-20 10:08 | AugustoMauch | Status | resolved => closed |
2017-03-20 23:12 | hudsonbot | Checkin | |
2017-03-20 23:12 | hudsonbot | Note Added: 0095449 |