Skip to Content
8
Mar 09, 2018 at 10:51 AM

SmartEdit on Hybris 6.6 -

793 Views

When accessing SmartEdit on a 6.6 Hybris instance you'll get several frontend issues (CSS not loading, etc), making the whole interface partially not working and throwing this error on console:

org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL was not normalized.

alt text

This is due to wrong Spring paths generated like below https://dev.local:9002/smartedit/static-resources/dist/smartedit//fonts/hyicon.woff?1509480052

(note the 2 slashes "//" before "fonts")

This is due to Spring StrictHttpFirewall

https://github.com/spring-projects/spring-security/issues/5044

https://github.com/spring-projects/spring-security/issues/5007

This is definitely something that needs to be addressed by Hybris, since the URL shouldn't be generated in such a wrong way. From a quick analysis URL was always generated in such a wrong way (ie. in 6.5.0.3 it was generated like this too) but due to the Spring StrictHttpFirewall they're not allowed anymore.

In order to fix it temporarily:

 StrictHttpFirewall.setAllowUrlEncodedSlash(true)

or revert to HttpFirewall

Attachments

10519-image-2.png (13.4 kB)