https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36094 --- Comment #35 from David Cook <dcook@prosentient.com.au> --- (In reply to Jonathan Druart from comment #34)
We don't have cud-, requiring POST, or whatever. The curl command from comment 17 is still valid, everybody can request it.
I don't think cud- applies for the /svc API - at least not the original one. As for requiring POST and comment 17 for /svc/authentication... that's a good point but that is more so an issue with check_api_auth() and changing that has wide-reaching consequences beyond /svc. As for /svc/bib, /svc/new_bib, and /svc/import_bib, they already require POSTs, so they should be fine (not withstanding the same issue with being able to login using a GET via check_api_auth()). -- You are receiving this mail because: You are watching all bug changes.