https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=32713 Bug ID: 32713 Summary: x-koha-embed appears to no longer properly validate Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: REST API Assignee: koha-bugs@lists.koha-community.org Reporter: martin.renvoize@ptfs-europe.com CC: tomascohen@gmail.com We migrated x-koha-embed into properly specified header parameters in bug 30536 however it appears that the upstream validation of those headers has since broken and we're now allowing open embed calls through from the API. At best this can lead to server errors leaking, at worst it exposed methods that should be private to the API. We need to write some tests to catch this and possibly re-instate the in-koha validation whilst the OpenAPI is updated. See 8e1265c45ddfc53d4bcbfc51e25b297e3592daf4 for some further details. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.