https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39527 --- Comment #1 from Julian Maurice <julian.maurice@biblibre.com> --- Created attachment 180348 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=180348&action=edit Bug 39527: Add action attribute to letter.pl form If not explicitly set, two 'op' parameters are sent, one with the value in the URL (add_form), one with the value in the form (cud-add_validate). This causes an error in the CSRF validation code under Mojolicious environment. Test plan: 1. Start staff interface as mojolicious application: `bin/intranet daemon -l http://*:3000/` 2. Go to http://localhost:3000 (replace localhost by the hostname where koha is running), log in, then go to Tools » Notices and slips. 3. Create a new notice. Without the patch it fails with the following message: Incorrect use of an unsafe HTTP method with an `op` parameter that does not start with "cud-" With the patch it should succeed. -- You are receiving this mail because: You are watching all bug changes.