[Bug 13342] Not logged in user can place a review/comment as a deleted patron
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13342 --- Comment #9 from David Cook <dcook@prosentient.com.au> --- (In reply to Alexandre Noel from comment #5)
I don't really understand why it's giving you an error 403, because I tried again on main (v24.06) and can't seem to get this error with or without the patch. I don't use the KTD, so maybe it would work without using it?
Anyway, as long as the user can't post the comment, it's fine because that's what we want to do.
The 403 is a CSRF error. While the user is POSTing the form with a CSRF token, that token is tied to the user's session. If their session is no longer valid, then the CSRF token validation fails. So 24.05+ won't have this issue. -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org