https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42739 Bug ID: 42739 Summary: OPAC ratings.js: Add CSRF-TOKEN header to fetch call Initiative type: --- Sponsorship --- status: Product: Koha Version: Main Hardware: All OS: All Status: NEW Severity: normal Priority: P5 - low Component: REST API Assignee: koha-bugs@lists.koha-community.org Reporter: tomascohen@gmail.com QA Contact: testopia@bugs.koha-community.org CC: tomascohen@gmail.com ratings.js uses raw fetch() to POST to /api/v1/public/biblios/{id}/ratings without including the CSRF-TOKEN header. This will break once CSRF enforcement is enabled on the REST API (Bug 34451). The fix is to read the token from the csrf-token meta tag and include it in the fetch headers. Blocks Bug 34451. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.