View Issue Details
Field | Value
ID | 0036494
Type | defect
Category | [Openbravo ERP] A. Platform
Severity | major
Reproducibility | always
Date Submitted | 2017-07-14 12:11
Last Update | 2017-09-21 16:49
Reporter | maite
View Status | public
Assigned To | alostale
Priority | urgent
Resolution | fixed
Fixed in Version | 3.0PR17Q4
Status | closed
Fix in branch |
Fixed in SCM revision | 022400f75d09
Projection | none
ETA | none
Target Version |
OS | Any
Database | Any
Java version |
OS Version |
Database version |
Ant version |
Product Version |
SCM revision |
Merge Request Status |
Review Assigned To | caristu
OBNetwork customer | OBPS
Web browser |
Modules | Core
Support ticket |
Regression level |
Regression date |
Regression introduced in release |
Regression introduced by commit |
Triggers an Emergency Pack | No
Summary | 0036494: dojo GET requests have incorrect Content-Type header
Description | Grid structure for 2.50 selectors is obtained by a GET request executed from dojo. This request has a 'Content-Type: application/x-www-form-urlencoded' header; this header is not correct for GET, as it is not sending a form [1]. A Web Application Firewall can reject requests with these settings.
[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type
Steps To Reproduce | 0. Access Pending Goods Receipt window and open Business Partner selector
1. In developer tools, copy as curl request for info/BusinessPartner.html?Command=STRUCTURE -> Check it includes -H 'Content-Type: application/x-www-form-urlencoded', which is incorrect
Proposed Solution | Patch dojo library not to include Content-Type for GET requests
Tags | No tags attached.
Attached Files |
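
The check in the steps to reproduce can be scripted. The following is an added example, not code from the Openbravo repository or the dojo patch: it parses a browser "Copy as cURL" string and flags a GET or HEAD that declares a Content-Type although it sends no body. The host erp.example.test, the sample commands and the function names are constructed for illustration.

```javascript
// curl options that attach a request body and take one argument.
const BODY_FLAGS = new Set(["-d", "--data", "--data-raw", "--data-binary",
  "--data-ascii", "--data-urlencode", "-F", "--form"]);

// Split a command line into tokens, honouring single and double quotes.
function tokenize(cmd) {
  const re = /'([^']*)'|"((?:\\.|[^"\\])*)"|(\S+)/g;
  return [...cmd.matchAll(re)].map((m) =>
    m[1] ?? (m[2] !== undefined ? m[2].replace(/\\(.)/g, "$1") : m[3]));
}

// Recover method, URL, headers and body presence from the command.
function parseCurl(cmd) {
  const t = tokenize(cmd.replace(/\\\r?\n/g, " ")); // join continued lines
  const req = { method: null, url: null, headers: {}, hasBody: false };
  for (let i = 1; i < t.length; i++) { // t[0] is "curl"
    const a = t[i];
    if (a === "-X" || a === "--request") {
      req.method = (t[++i] || "").toUpperCase();
    } else if (a === "-H" || a === "--header") {
      const h = t[++i] || "";
      const c = h.indexOf(":");
      if (c > 0) req.headers[h.slice(0, c).trim().toLowerCase()] = h.slice(c + 1).trim();
    } else if (BODY_FLAGS.has(a)) {
      req.hasBody = true;
      i++; // skip the body argument
    } else if (!a.startsWith("-") && req.url === null) {
      req.url = a;
    }
  }
  if (!req.method) req.method = req.hasBody ? "POST" : "GET"; // curl's defaults
  return req;
}

// Flag a GET/HEAD that declares a Content-Type although it sends no body.
function auditRequest(req) {
  const ct = req.headers["content-type"];
  const bodyless = ["GET", "HEAD"].includes(req.method) && !req.hasBody;
  const bad = bodyless && ct !== undefined;
  return { ok: !bad,
    finding: bad ? `${req.method} ${req.url} sends Content-Type: ${ct} without a body` : null };
}

// Constructed samples: the request before and after the fix, and a real form POST.
const BASE = "curl 'https://erp.example.test/info/BusinessPartner.html?Command=STRUCTURE'";
const FORM = "-H 'Content-Type: application/x-www-form-urlencoded'";
const BEFORE = `${BASE} \\\n  ${FORM} \\\n  -H 'Accept: */*' --compressed`;
const AFTER = `${BASE} -H 'Accept: */*' --compressed`;
const POST_FORM = `${BASE} ${FORM} --data 'Command=STRUCTURE'`;
for (const cmd of [BEFORE, AFTER, POST_FORM]) console.log(auditRequest(parseCurl(cmd)));
```

Only the first sample is reported; the form POST keeps its Content-Type because it carries a body.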
(0098087) hgbot (developer) 2017-07-17 08:19
Repository: erp/devel/pi
Changeset: 022400f75d09ff3dc649a969fefc35c6136e61ed
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Fri Jul 14 12:54:19 2017 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/022400f75d09ff3dc649a969fefc35c6136e61ed

fixed bug 36494: dojo GET requests have incorrect Content-Type header

GET requests shouldn't include Content-Type header, which was the case for dojo grid requests. Patched dojo to prevent it.
---
M src/org/openbravo/erpCommon/security/Login.html
M web/js/dojotoolkit/dojo/_base/xhr.js
M web/js/dojotoolkit/dojo/dojo.js
M web/js/utils.js
---

(0098089) hgbot (developer) 2017-07-17 08:19
Repository: erp/devel/pi
Changeset: ec7a1e4535e30c71cd08430adfaecff921df61c6
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Fri Jul 14 14:42:14 2017 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/ec7a1e4535e30c71cd08430adfaecff921df61c6

related to bug 36494: patch also dojo.js.uncompressed.js
---
M web/js/dojotoolkit/dojo/dojo.js.uncompressed.js
---

(0098132) caristu (viewer) 2017-07-19 12:37
Code reviewed + tested OK: the 'Content-Type' is not included in the GET requests launched by dojo.

(0099273) hudsonbot (viewer) 2017-09-21 16:49
A changeset related to this issue has been promoted to main and to the Central Repository, after passing a series of tests.
Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/9750b78d3e5c
Maturity status: Test

(0099275) hudsonbot (viewer) 2017-09-21 16:49
A changeset related to this issue has been promoted to main and to the Central Repository, after passing a series of tests.
Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/9750b78d3e5c
Maturity status: Test

Date Modified | Username | Field | Change |
2017-07-14 12:11 | maite | New Issue | |
2017-07-14 12:11 | maite | Assigned To | => platform |
2017-07-14 12:11 | maite | OBNetwork customer | => Yes |
2017-07-14 12:11 | maite | Modules | => Core |
2017-07-14 12:11 | maite | Resolution time | => 1501797600 |
2017-07-14 12:11 | maite | Triggers an Emergency Pack | => No |
2017-07-14 12:11 | maite | Issue Monitored: networkb | |
2017-07-14 12:47 | alostale | Description Updated | View Revisions |
2017-07-14 12:47 | alostale | Steps to Reproduce Updated | View Revisions |
2017-07-14 12:47 | alostale | Proposed Solution updated | |
2017-07-14 12:47 | alostale | Assigned To | platform => alostale |
2017-07-14 12:48 | alostale | Summary | GET requests are being blocked by Web Application Firewall due to old dojo library => dojo GET requests have incorrect Content-Type header |
2017-07-14 12:48 | alostale | Review Assigned To | => caristu |
2017-07-17 08:19 | hgbot | Checkin | |
2017-07-17 08:19 | hgbot | Note Added: 0098087 | |
2017-07-17 08:19 | hgbot | Status | new => resolved |
2017-07-17 08:19 | hgbot | Resolution | open => fixed |
2017-07-17 08:19 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/022400f75d09ff3dc649a969fefc35c6136e61ed |
2017-07-17 08:19 | hgbot | Checkin | |
2017-07-17 08:19 | hgbot | Note Added: 0098089 | |
2017-07-19 12:37 | caristu | Note Added: 0098132 | |
2017-07-19 12:37 | caristu | Status | resolved => closed |
2017-07-19 12:37 | caristu | Fixed in Version | => 3.0PR17Q4 |
2017-09-21 16:49 | hudsonbot | Checkin | |
2017-09-21 16:49 | hudsonbot | Note Added: 0099273 | |
2017-09-21 16:49 | hudsonbot | Checkin | |
2017-09-21 16:49 | hudsonbot | Note Added: 0099275 |