https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37407 --- Comment #9 from Brendan Lawlor <blawlor@clamsnet.org> --- The latest patch is pure javascript so until this bug is resolved this can be added to IntranetUserJS as a workaround: $(document).ready(function() { // Handle checkout for fast cataloging // Check the referrer to prevent csrf, fill and submit form if(document.referrer.split('?')[0] === window.location.origin +'/cgi-bin/koha/cataloguing/additem.pl') { let urlParams = new URLSearchParams(window.location.search); let barcode = urlParams.get('barcode'); $('#barcode').val(barcode); $('#mainform').submit(); } }); This code checks that the referrer is the same origin and from the additem page, but it might not be as secure as the token based csrf protection. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.