[Bug 40224] New: Replace use of location.href with POST logout form
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40224 Bug ID: 40224 Summary: Replace use of location.href with POST logout form Change sponsored?: --- Product: Koha Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Self checkout Assignee: koha-bugs@lists.koha-community.org Reporter: kyle@bywatersolutions.com QA Contact: testopia@bugs.koha-community.org The self-check module should use use POST for logouts instead of GET. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40224 Kyle M Hall (khall) <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|koha-bugs@lists.koha-commun |kyle@bywatersolutions.com |ity.org | -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40224 --- Comment #1 from Kyle M Hall (khall) <kyle@bywatersolutions.com> --- Created attachment 183443 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=183443&action=edit Bug 40224: Replace use of location.href with POST logout form The self-check module should use use POST for logouts instead of GET. Test Plan: 1) Enable WebBasedSelfCheck and SelfCheckInModule 2) Set SelfCheckTimeout and SelfCheckInTimeout to 10 seconds 3) Log in to each, observer the page is logged out after 10 seconds with not "op=logout" in the URL. Wait another 10 seconds, observe the page again refreshes with no "op=logout" in the URL. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40224 Kyle M Hall (khall) <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |36586 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36586 [Bug 36586] Self-checkouts will get CSRF errors if left inactive for 8 hours -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40224 David Nind <david@davidnind.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |david@davidnind.com --- Comment #2 from David Nind <david@davidnind.com> --- Just checking if this is ready for sign off yet. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40224 --- Comment #3 from Kyle M Hall (khall) <kyle@bywatersolutions.com> --- I'm concerned about issues with Bug 36586 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40224 --- Comment #4 from David Cook <dcook@prosentient.com.au> --- Comment on attachment 183443 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=183443 Bug 40224: Replace use of location.href with POST logout form Review of attachment 183443: --> (https://bugs.koha-community.org/bugzilla3/page.cgi?id=splinter.html&bug=40224&attachment=183443) ----------------------------------------------------------------- ::: koha-tmpl/opac-tmpl/bootstrap/en/modules/sco/sco-main.tt @@ +577,4 @@
// alert("checkout_confirm('" + patronid + "') called for barcode '" + barcode + "'"); if (! barcode) { dofocus(); return false; } // no barcode if (barcode == "__KOHA_NEW_CIRC__") { // magic barcode + $("#logout_post_form").submit();
Let's avoid jQuery @@ +651,4 @@
confirmModal("", _("Would you like to print a receipt?"), _("Print receipt and end session"), _("End session"), function(result) { if ( result && (Date.now() - confirmStart) < [% Koha.Preference('SelfCheckTimeout') | html %] ) { var win = window.open("/cgi-bin/koha/sco/printslip.pl?print=qslip"); + $("#logout_post_form").submit();
Let's avoid jQuery @@ +655,2 @@
} else { + $("#logout_post_form").submit();
Let's avoid jQuery @@ +657,4 @@
} }) [% ELSE %] + $("#logout_post_form").submit();
Let's avoid jQuery ::: koha-tmpl/opac-tmpl/bootstrap/js/timeout.js @@ +31,4 @@
_timer_increment() { this.idle_time++; if (this.idle_time >= this.idle_timeout) { + $("#" + this.form_id).submit();
Let's try to avoid jQuery. This is trivial to do with regular Javascript. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40224 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dcook@prosentient.com.au --- Comment #5 from David Cook <dcook@prosentient.com.au> --- (In reply to Kyle M Hall (khall) from comment #0)
The self-check module should use use POST for logouts instead of GET.
Makes sense! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=40224 --- Comment #6 from David Cook <dcook@prosentient.com.au> --- (In reply to Kyle M Hall (khall) from comment #3)
I'm concerned about issues with Bug 36586
Hopefully bug 40336 should fix those issues -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org