[Koha-bugs] [Bug 36349] Login for SCO/SCI broken by CSRF
bugzilla-daemon at bugs.koha-community.org
Wed Mar 20 16:06:32 CET 2024
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36349
Owen Leonard <oleonard at myacpl.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #163356|0                           |1
        is obsolete|                            |
 Attachment #163514|0                           |1
        is obsolete|                            |
--- Comment #8 from Owen Leonard <oleonard at myacpl.org> ---
Created attachment 163552
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=163552&action=edit
Bug 36349: Make sure CSRF token is included for all login scenarios
To test:
1 - In KTD visit:
    http://localhost:8080/cgi-bin/koha/sci/sci-main.pl
2 - Everything should be set for auto self check user etc, just log in
    as a patron
    If not (or not using KTD) set up a self check user, enable SCO and
    SCI, set self check patron system preferences, then log in with
    patron
3 - 403 Error
4 - Repeat with sco:
    http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
5 - Apply patch, restart all
6 - Try again, both should be successful
Signed-off-by: Owen Leonard <oleonard at myacpl.org>