[Koha-bugs] [Bug 36351] CSRF Adjustments for Cataloguing editor
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Mar 19 16:40:41 CET 2024
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36351
Nick Clemens <nick at bywatersolutions.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #163387|0 |1
is obsolete| |
--- Comment #6 from Nick Clemens <nick at bywatersolutions.com> ---
Created attachment 163457
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=163457&action=edit
Bug 36351: Add CSRF tokens to advanced cataloguing editor POST requests
The editor uses ajax post requests to SVC api.
Becuase these apis are XML based requests, they must be handled in the simplest
way, by
embedding the token as a header
To test:
1 - Browse to Cataloguing->Advanced editor
2 - Fill out needed values and save
3 - 403 error
4 - Apply patch
5 - Reload and try agian, success!
6 - Edit and save again, success!
Signed-off-by: Nick Clemens <nick at bywatersolutions.com>
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list