Skip to content

Commit

Permalink
Improved: Prevent URL parameters manipulation (OFBIZ-13147)
Browse files Browse the repository at this point in the history 
We need only 1 allowedToken
  • Loading branch information
@JacquesLeRoux
JacquesLeRoux committed Nov 20, 2024
1 parent 2c1dd14 commit 0ba6a54
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions framework/security/config/security.properties
View file
Original file line number Diff line number Diff line change
Expand Up @@ -279,7 +279,7 @@ deniedWebShellTokens=$SHA$OFBiz$c_93W08vqLMlJHjOZ7_A6Wcaenw,$SHA$OFBiz$SigPYIfwa
#-- SHA-1 versions of tokens containing (as String) at least one deniedWebShellTokens
#-- This is notably used to allow special values in query parameters.
#-- If you add a token beware that it does not content ",". It's the separator.
allowedTokens=$SHA$OFBiz$EP-l2t4A_60cRYYnEqEaSiDjfrs,$SHA$OFBiz$JG1RWjLnFzQOpNRUqllybbbfyOE
allowedTokens=$SHA$OFBiz$488OJhFI6NUQlvuqRVFHq6_KN8w

allowStringConcatenationInUploadedFiles=false

Expand Down Expand Up @@ -326,4 +326,4 @@ Content-Security-Policy=Content-Security-Policy-Report-Only
PolicyDirectives=default-src 'self'

#-- Give the size of shortener path when the functionality to shorter the url is used
path.shortener.size=10
path.shortener.size=10

0 comments on commit 0ba6a54

Please sign in to comment.