10 Apr
2024
10 Apr
'24
5:32 a.m.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36094 --- Comment #25 from David Cook <dcook@prosentient.com.au> --- (In reply to David Cook from comment #23)
Of course, at some point, we'll add CSRF protection to the REST API. For that, we'll either require OAuth2 which doesn't need the CSRF tokens, or if they are using Basic Auth, we'll need to require people to use cookies and do something like 'GET /svc/authentication".
Actually, looking at Koha/REST/V1/Auth.pm, it looks like neither OAuth2 or Basic Auth would need the CSRF. It's just the cookie auth that would need the CSRF protection, and that would just be from within Koha. -- You are receiving this mail because: You are watching all bug changes.