https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36094 --- Comment #18 from David Cook <dcook@prosentient.com.au> --- (In reply to Jonathan Druart from comment #17)
(In reply to David Cook from comment #16)
All good. I worked it out in the end.
See bug 36084.
It's not secure.
% curl 'http://localhost:8081/cgi-bin/koha/svc/ authentication?login_userid=koha&login_password=koha'
<?xml version='1.0' standalone='yes'?> <response> <status>ok</status> </response>
Yeah, that's a problem with check_api_auth(), which I figured was outside the scope of this particular change. I suppose if it's a GET we might be able to delete the credentials out of the $query object before passing it to check_api_auth(). Without doing a lot of refactoring, I think we're probably going to be left with a hacky option like that. -- You are receiving this mail because: You are watching all bug changes.