https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37961 Bug ID: 37961 Summary: Inventory followup fails by POSTing without an op or csrf_token Change sponsored?: --- Product: Koha Version: Main Hardware: All OS: All Status: NEW Keywords: regression, rel_24_05_candidate Severity: major Priority: P1 - high Component: Tools Assignee: phil@chetcolibrary.org Reporter: phil@chetcolibrary.org QA Contact: testopia@bugs.koha-community.org Depends on: 36192 After you upload a file or textarea of barcodes to inventory, the next step is a list of the things that were missing, with checkboxes to check when you find them, and buttons to Mark seen, which send a POST to /cgi-bin/koha/tools/ajax-inventory.pl without an op param (since it doesn't have an $op) and without a csrf_token, so the POST fails with a 403. Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36192 [Bug 36192] [OMNIBUS] CSRF Protection for Koha -- You are receiving this mail because: You are watching all bug changes.