12 Sep
2024
12 Sep
'24
8:47 a.m.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37899 Jonathan Druart <jonathan.druart@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jonathan.druart@gmail.com --- Comment #1 from Jonathan Druart <jonathan.druart@gmail.com> --- I am not very familiar with this code, but it seems that we have not touch ILSDI when requiring a CSRF token (which means it is still vulnerable). So the "routes" are still accessible via GET and will work (even for stateful requests). -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.