https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41812 Bug ID: 41812 Summary: xt/find-missing-csrf.t failing when JS contains csrf_token hidden input Initiative type: --- Sponsorship --- status: Product: Koha Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P5 - low Component: Test Suite Assignee: jonathan.druart@gmail.com Reporter: jonathan.druart@gmail.com QA Contact: testopia@bugs.koha-community.org Depends on: 41565 commit 7a80a9be011071d504b7ed2aa2190433aed772a5 Bug 41565: Tidy kohaTable - bookings/list.tt + const csrf_token = $('meta[name="csrf-token"]').attr("content"); result += ` <form name="checkout-transform" method="post" action="/cgi-bin/koha/circ/circulation.pl?borrowernumber=%s"> - [% INCLUDE 'csrf-token.inc' %] + <input type="hidden" name="csrf_token" value="${csrf_token}" /> <input type="hidden" name="op" value="cud-checkout"/> <input type="hidden" name="borrowernumber" value="%s"/> <input type="hidden" name="barcode" value="%s"/> This code injected the csrf token using the TT include file, that made pass xt/find-missing-csrf.t This bug removed the TT tags from the script tags, and we now need to use a JS variable and retrieve the csrf token from the meta tag. The test needs to be adjusted. Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41565 [Bug 41565] Tidy kohaTable block - bookings -- You are receiving this mail because: You are watching all bug changes.