Difference between revisions of "Upgrade Guide v2.5"

From ADF Docs
Jump to: navigation, search
(Enable the CSRF Safe Mode for local ajaxProxy requests)
(Enable the CSRF Safe Mode for local ajaxProxy requests)
Line 55: Line 55:
 
If your site is only using out of the box ADF and ADF Applications then you should enable the "ajaxProxy CSRF Safe Mode" immediately after upgrade.
 
If your site is only using out of the box ADF and ADF Applications then you should enable the "ajaxProxy CSRF Safe Mode" immediately after upgrade.
  
In your '''ADF.cfc''' in the /_cs_apps/ folder in your site root, add the following line:
+
# In your '''ADF.cfc''' in the /_cs_apps/ folder in your site root, add the following line:
 
  enableADFcsrfSafeMode(true);
 
  enableADFcsrfSafeMode(true);
  

Revision as of 17:58, 28 February 2020

Current Version

Follow the guide below if you are upgrading to ADF v2.5.

IMPORTANT: ADF 2.5 can only be used with CommonSpot 10.6.1 or 10.5.2 or above.

Before upgrading, please review the v2.5 Release Notes

If you are upgrading from a version earlier than ADF v2.5, then please follow the guides for previous ADF versions:

Previous ADF Upgrade Guides

Upgrade

Follow the steps below to upgrade the ADF directory:

  1. Download the ADF v2.5 from the Community site project page.
  2. On your server, rename the "/ADF/" directory to "/ADF-2.4.1/".
  3. Create a new "/ADF/" directory. Setup any necessary security or permissions for the new "/ADF/" directory.
  4. Export the download ADF zip folder into the "/ADF/" directory.
  5. Copy the contents of the "/ADF-2.4.1/apps/" directory into the "/ADF/apps/" directory.
  6. Reset the ADF through the web browser with the following URL parameter:
    1.  ?resetADF=1

Note: If you have security permissions on the "/ADF/" directory make sure to set them up because the folder was renamed and then created new.

Validate Upgrade

There are 2 methods to validate the ADF upgrade.

ADF Reset

  1. Reset the ADF through the web browser with the following URL parameter:
    1.  ?resetADF=1
  2. The reset command will add text to the top line of the page. If you see the following text with the date/time stamp:
    1. ADF v2.5 has been reset successfully!
  3. Upgrade was successful and you are running the ADF v2.5.

ADF Version Output

  1. In the browser, add the following URL parameter:
    1.  ?ADFDumpVar=application.ADF.version
  2. This command with output the ADF version at the top of the page. If you see the following text:
    1. 2.5.0
  3. Upgrade was successful and you are running the ADF v2.5.


Post-Upgrade Steps

Enable the CSRF Safe Mode for local ajaxProxy requests

ADF 2.5's new security enhancement, "ajaxProxy CSRF Safe Mode" disabled by default. This is to allow developers an opportunity to update their ADF and ADF App ajaxProxy related customizations, before enabling the CSRF attack prevention validation.

If your site is only using out of the box ADF and ADF Applications then you should enable the "ajaxProxy CSRF Safe Mode" immediately after upgrade.

  1. In your ADF.cfc in the /_cs_apps/ folder in your site root, add the following line:
enableADFcsrfSafeMode(true);

For a new ADF installs, update the line enableADFcsrfSafeMode(false); found in your site's /_cs_apps/ADF.cfc file, from "false" to "true" (see above).

If your site has custom code which uses the ADF's ajaxProxy for local requests before you can enable "ajaxProxy CSRF Safe Mode", using the steps above, you will need to add the CSRF_Token parameter and the method call to get the CSRF_token value to your ajaxProxy calls. Once the "ajaxProxy CSRF Safe Mode" is enabled, the CSRF token key/value pair is required to be passed along with the local request as either a Data or URL parameter, otherwise your ajaxProxy requests will not validate and fail.

CSRF_Token as a Data parameter (using a jQuery.post):

jQuery.post("#application.ADF.ajaxProxy#",
{ 	
  bean: 'dataService',
  method: 'getData',
  CSRF_Token: '#application.ADF.csSecurity.getCSRF_Token()#'
}


CSRF_Token as a URL parameter (using a jQuery.get):

jQuery.get("#application.ADF.ajaxProxy#?bean=dataService&method=getData&CSRF_Token=#application.ADF.csSecurity.getCSRF_Token()#")

Register ADF Scripts as CommonSpot Resources

  1. Register the ADF Script Resources with CommonSpot (for ADF 2.0 and above only!)
    1. Run the Register ALL Scripts tool.
IMPORTANT: The ADF thirdParty scripts libraries will not function when using ADF.scripts_2_0 loadScripts calls unless
they are registered as Resources in CommonSpot 10.x. 


Update Site Level Override Components

  • Any site level override ADF Lib components located in the "_cs_apps/lib/" folder will need to be renamed and the component "extends" updated to point to the latest version of the matching ADF Lib components.
Example: "_cs_apps/lib/scripts_1_1.cfc" needs to become "scripts_2_0.cfc" and the extends value in the component tag
will need to point to "ADF.lib.scripts.scripts_2_0"

Update Custom App Lib Component References

  • Update any ADF Lib component references in your custom ADF Apps to the latest versions of the matching ADF 2.0 Lib components in the App's appBeanConfig.cfm file (in the root of the App directory).
Example: "addConstructorDependency(appBeanName, "scripts_1_2", "scripts"); " needs to become
"addConstructorDependency(appBeanName, "scripts_2_0", "scripts");"

Related Guides

CommonSpot Registered Resources