22 Oct
2024
22 Oct
'24
3:15 a.m.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36560 --- Comment #7 from David Cook <dcook@prosentient.com.au> --- Technically, the ILS-DI API can be vulnerable to CSRF, if the ILS-DI:AuthorizedIPs is blank or if it matches the IP address of the targeted user. However, the ILS-DI API doesn't have any way of obtaining a CSRF token, so I think we should add an exception. Alternatively, we could change the way the ILS-DI API works, but that would have far reaching consequences. Another alternative would be to replicate all ILS-DI API functionality in the REST API, and switch people over to using that... -- You are receiving this mail because: You are watching all bug changes.