Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0055218 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| backport | [Retail Modules] Web POS | major | have not tried | 2024-04-17 12:00 | 2024-04-17 12:13 | |||
| Reporter | adrianromero | View Status | public | |||||
| Assigned To | adrianromero | |||||||
| Priority | high | Resolution | fixed | Fixed in Version | RR24Q1.2 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | |||||
| Projection | none | ETA | none | Target Version | RR24Q1 | |||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Merge Request Status | approved | |||||||
| Review Assigned To | ||||||||
| OBNetwork customer | Gold | |||||||
| Support ticket | ||||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0055218: ExternalOrderLoader is not working because of CSRF token check | |||||||
| Description | Correct requests to ExternalOrderLoader fail, because the CSRF Token check is performed there, and it doesn't pass, so the request is rejected. | |||||||
| Steps To Reproduce | The problem can be reproduced in livebuilds just using the Swagger documentation example: https://livebuilds.openbravo.com/retail_modules_pgsql_pi/api?urls.primaryName=orderloader [^] It can also be reproduced by using the Postman example of the RetailAPI module: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.api/-/blob/master/examples/Retail%20API.postman_collection.json [^] | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
||||||||
|
||||||||
 Relationships |
|
Notes |
|
|
(0163325) hgbot (developer) 2024-04-17 12:06 |
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/695 [^] |
|
(0163326) hgbot (developer) 2024-04-17 12:09 |
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/merge_requests/1531 [^] |
|
(0163329) hgbot (developer) 2024-04-17 12:13 |
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/695 [^] |
|
(0163330) hgbot (developer) 2024-04-17 12:13 |
Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core [^] Changeset: a1af6d8ca104e810e977703b2c618a6e8c06e7dc Author: Eugen Hamuraru <eugen.hamuraru@openbravo.com> Date: 17-04-2024 12:04:42 URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/commit/a1af6d8ca104e810e977703b2c618a6e8c06e7dc [^] Related to BUG-55218: ability to skip CSRF token check for SecuredJSONProcess --- A src-test/org/openbravo/mobile/core/process/MobileServiceTest.java M src-test/org/openbravo/mobile/core/StandaloneTestSuite.java M src/org/openbravo/mobile/core/process/MobileService.java M src/org/openbravo/mobile/core/process/MobileServiceProcessor.java M src/org/openbravo/mobile/core/process/SecuredJSONProcess.java --- |
|
(0163331) hgbot (developer) 2024-04-17 12:13 |
Directly closing issue as related merge request is already approved. Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal [^] Changeset: 24a5508d961b645fe0df522664b20d2717c1d3a4 Author: Eugen Hamuraru <eugen.hamuraru@openbravo.com> Date: 17-04-2024 12:08:06 URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/commit/24a5508d961b645fe0df522664b20d2717c1d3a4 [^] Fixes ISSUE-55218: skip CSRF token check for the ExternalOrderLoader --- M src/org/openbravo/retail/posterminal/ExternalOrderLoader.java --- |
|
(0163332) hgbot (developer) 2024-04-17 12:13 |
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.retail.posterminal/-/merge_requests/1531 [^] |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2024-04-17 12:00 | adrianromero | New Issue | |
| 2024-04-17 12:00 | adrianromero | Assigned To | => adrianromero |
| 2024-04-17 12:00 | adrianromero | OBNetwork customer | => Gold |
| 2024-04-17 12:00 | adrianromero | Triggers an Emergency Pack | => No |
| 2024-04-17 12:00 | adrianromero | Issue generated from | 0048126 |
| 2024-04-17 12:00 | adrianromero | Relationship added | related to 0048126 |
| 2024-04-17 12:06 | hgbot | Merge Request Status | => open |
| 2024-04-17 12:06 | hgbot | Note Added: 0163325 | |
| 2024-04-17 12:09 | hgbot | Note Added: 0163326 | |
| 2024-04-17 12:13 | hgbot | Merge Request Status | open => approved |
| 2024-04-17 12:13 | hgbot | Note Added: 0163329 | |
| 2024-04-17 12:13 | hgbot | Note Added: 0163330 | |
| 2024-04-17 12:13 | hgbot | Resolution | open => fixed |
| 2024-04-17 12:13 | hgbot | Status | new => closed |
| 2024-04-17 12:13 | hgbot | Fixed in Version | => RR24Q1.2 |
| 2024-04-17 12:13 | hgbot | Note Added: 0163331 | |
| 2024-04-17 12:13 | hgbot | Note Added: 0163332 | |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |