Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0036494
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] A. Platformmajoralways2017-07-14 12:112017-09-21 16:49
ReportermaiteView Statuspublic 
Assigned Toalostale 
PriorityurgentResolutionfixedFixed in Version3.0PR17Q4
StatusclosedFix in branchFixed in SCM revision022400f75d09
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned Tocaristu
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0036494: dojo GET requests have incorrect Content-Type header

DescriptionGrid structure for 2.50 selectors is obtained by a GET request executed from dojo. This request, has a 'Content-Type: application/x-www-form-urlencoded' header, this header is not correct for GET as it is not sending a form [1].

A Web Application Firewall can reject requests with these settings.

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type [^]
Steps To Reproduce0. Access Pending Goods Receipt window and open Business Partner selector
1. In developers tools, copy as curl request for info/BusinessPartner.html?Command=STRUCTURE
  -> Check it includes -H 'Content-Type: application/x-www-form-urlencoded' which is incorrect
Proposed SolutionPatch dojo library not to include Content-Type for GET requests
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
(0098087)
hgbot (developer)
2017-07-17 08:19

Repository: erp/devel/pi
Changeset: 022400f75d09ff3dc649a969fefc35c6136e61ed
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Fri Jul 14 12:54:19 2017 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/022400f75d09ff3dc649a969fefc35c6136e61ed [^]

fixed bug 36494: dojo GET requests have incorrect Content-Type header

  GET requests shouldn't include Content-Type header, which was the case for dojo
  grid requests.

  Patched dojo to prevent it.

---
M src/org/openbravo/erpCommon/security/Login.html
M web/js/dojotoolkit/dojo/_base/xhr.js
M web/js/dojotoolkit/dojo/dojo.js
M web/js/utils.js
---
(0098089)
hgbot (developer)
2017-07-17 08:19

Repository: erp/devel/pi
Changeset: ec7a1e4535e30c71cd08430adfaecff921df61c6
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Fri Jul 14 14:42:14 2017 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/ec7a1e4535e30c71cd08430adfaecff921df61c6 [^]

related to bug 36494: patch also dojo.js.uncompressed.js

---
M web/js/dojotoolkit/dojo/dojo.js.uncompressed.js
---
(0098132)
caristu (developer)
2017-07-19 12:37

Code reviewed + tested OK: the 'Content-Type' is not included in the GET requests launched by dojo.
(0099273)
hudsonbot (developer)
2017-09-21 16:49

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/9750b78d3e5c [^]
Maturity status: Test
(0099275)
hudsonbot (developer)
2017-09-21 16:49

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/9750b78d3e5c [^]
Maturity status: Test

- Issue History
Date Modified Username Field Change
2017-07-14 12:11 maite New Issue
2017-07-14 12:11 maite Assigned To => platform
2017-07-14 12:11 maite Modules => Core
2017-07-14 12:11 maite Triggers an Emergency Pack => No
2017-07-14 12:11 maite Issue Monitored: networkb
2017-07-14 12:47 alostale Description Updated View Revisions
2017-07-14 12:47 alostale Steps to Reproduce Updated View Revisions
2017-07-14 12:47 alostale Proposed Solution updated
2017-07-14 12:47 alostale Assigned To platform => alostale
2017-07-14 12:48 alostale Summary GET requests are being blocked by Web Application Firewall due to old dojo library => dojo GET requests have incorrect Content-Type header
2017-07-14 12:48 alostale Review Assigned To => caristu
2017-07-17 08:19 hgbot Checkin
2017-07-17 08:19 hgbot Note Added: 0098087
2017-07-17 08:19 hgbot Status new => resolved
2017-07-17 08:19 hgbot Resolution open => fixed
2017-07-17 08:19 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/022400f75d09ff3dc649a969fefc35c6136e61ed [^]
2017-07-17 08:19 hgbot Checkin
2017-07-17 08:19 hgbot Note Added: 0098089
2017-07-19 12:37 caristu Note Added: 0098132
2017-07-19 12:37 caristu Status resolved => closed
2017-07-19 12:37 caristu Fixed in Version => 3.0PR17Q4
2017-09-21 16:49 hudsonbot Checkin
2017-09-21 16:49 hudsonbot Note Added: 0099273
2017-09-21 16:49 hudsonbot Checkin
2017-09-21 16:49 hudsonbot Note Added: 0099275


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker