[Koha-bugs] [Bug 32713] New: x-koha-embed appears to no longer properly validate
bugzilla-daemon at bugs.koha-community.org
Tue Jan 24 17:22:19 CET 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32713
Bug ID: 32713
Summary: x-koha-embed appears to no longer properly validate
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: REST API
Assignee: koha-bugs at lists.koha-community.org
Reporter: martin.renvoize at ptfs-europe.com
CC: tomascohen at gmail.com

We migrated x-koha-embed into properly specified header parameters in bug 30536;
however, it appears that the upstream validation of those headers has since
broken and we're now allowing open embed calls through from the API.

At best this can lead to server errors leaking, at worst it exposed methods
that should be private to the API.

We need to write some tests to catch this and possibly reinstate the in-Koha
validation whilst the OpenAPI is updated.

See 8e1265c45ddfc53d4bcbfc51e25b297e3592daf4 for some further details.
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
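
An added example, not part of the original report and not Koha's own code: a fail-closed allow-list check for the `x-koha-embed` header, with tests of the kind the report asks for. The function name `validate_embed_header`, the parameter definition and its enum values are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Test::More;

# Constructed header-parameter definition in the style of an OpenAPI spec.
# The enum values are sample data, not taken from Koha's API definition.
my $embed_param = {
    name             => 'x-koha-embed',
    in               => 'header',
    type             => 'array',
    collectionFormat => 'csv',
    items => { type => 'string', enum => [ 'items', 'biblio', 'checkouts+count' ] },
};

# Hypothetical helper: returns ( \@accepted, undef ) when every requested
# embed is listed in the spec, or ( undef, $error ) otherwise.
sub validate_embed_header {
    my ( $param, $raw ) = @_;
    return ( [], undef ) unless defined($raw) && length($raw);

    my %allowed = map { $_ => 1 } @{ $param->{items}{enum} };
    my @accepted;
    for my $value ( split /,/, $raw, -1 ) {    # -1 keeps empty trailing fields
        $value =~ s/^\s+|\s+$//g;
        # Fail closed: one empty or unlisted value rejects the whole request,
        # so nothing outside the enum is ever resolved to a method call.
        return ( undef, "embed '$value' is not permitted for this route" )
            unless length($value) && $allowed{$value};
        push @accepted, $value;
    }
    return ( \@accepted, undef );
}

my ( $ok, $err ) = validate_embed_header( $embed_param, 'items, biblio' );
is_deeply( $ok, [ 'items', 'biblio' ], 'listed embeds are accepted' );

# Unlisted names, empty fields and case variants must all be refused.
for my $bad ( 'items,patron', 'delete', 'items,,biblio', 'items,', 'Items' ) {
    ( $ok, $err ) = validate_embed_header( $embed_param, $bad );
    ok( !defined($ok) && defined($err), "rejected: '$bad'" );
}

( $ok, $err ) = validate_embed_header( $embed_param, undef );
is_deeply( $ok, [], 'absent header means no embeds' );

done_testing();
```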