https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37899 Bug ID: 37899 Summary: Koha ILSDI endpoints expect a CSRF token - so ILSDI requests fail Change sponsored?: --- Product: Koha Version: Main Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Web services Assignee: koha-bugs@lists.koha-community.org Reporter: alexbuckley@catalyst.net.nz QA Contact: testopia@bugs.koha-community.org In Koha 24.05 CSRF.pm ( https://git.koha-community.org/Koha-community/Koha/src/branch/main/Koha/Midd... ) expects all stateful methods (POST, PUT, DELETE, PATCH requests) to include a CSRF token. This includes requests to ILSDI ( https://wiki.koha-community.org/wiki/ILS-DI ). This requirement for a CSRF token for ILSDI, which is designed to be used cross site, means ILSDI requests do not work on 24.05 onwards. Several third-party systems need to connect to Koha via ILSDI, for example EDS in order to fetch RTAC (Real-Time Availability Check) data. EDS can also fetch RTAC data from Koha via Z39.50. Another is Bolinda (BorrowBox), an eBook platform, which authenticates Koha users via ILSDI. It would be nice to hear the communities views on what could/should be done to get ILSDI working again. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.