https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37741 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Text to go in the|This fixes the cause of |This change prevents an release notes|incorrect CSRF errors on |error in a background call |error pages, such as 403s |(e.g. a missing |and 404s. This stops |favicon.ico) from affecting |cookies from being sent |the user's session, which |back from error pages, so |can lead to incorrect CSRF |that actions that cause |403 errors during form |errors don't overwrite the |POSTs. (The issue is |existing cookie. |prevented by stopping error | |pages from returning the | |CGISESSID cookie, which | |overwrites the CGISESSID | |cookie returned by the | |foreground page.) --- Comment #6 from David Cook <dcook@prosentient.com.au> --- Thanks, David. I'll revise the release note. Thanks for adding it! -- You are receiving this mail because: You are watching all bug changes.