[Bug 42730] New: Migrate place_booking.js $.post to api-client.js
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42730 Bug ID: 42730 Summary: Migrate place_booking.js $.post to api-client.js Initiative type: --- Sponsorship --- status: Product: Koha Version: Main Hardware: All OS: All Status: NEW Severity: normal Priority: P5 - low Component: REST API Assignee: koha-bugs@lists.koha-community.org Reporter: tomascohen@gmail.com QA Contact: testopia@bugs.koha-community.org CC: tomascohen@gmail.com place_booking.js (line 2357) uses $.post() directly to call the REST API. This should be migrated to use api-client.js which already handles CSRF token injection. This is a prerequisite for enforcing CSRF protection on the REST API (Bug 34451). -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42730 Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jonathan.druart@gmail.com, | |martin.renvoize@openfifth.c | |o.uk Blocks| |34451 Status|NEW |ASSIGNED Assignee|koha-bugs@lists.koha-commun |tomascohen@gmail.com |ity.org | -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42730 Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |Needs Signoff Patch complexity|--- |Trivial patch -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42730 --- Comment #1 from Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> --- Created attachment 199764 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=199764&action=edit Bug 42730: Migrate place_booking.js $.post to api-client.js Replace direct $.post() and $.ajax() calls to /api/v1/bookings with the new BookingAPIClient, which uses http-client.js and automatically includes the CSRF token header. Signed-off-by: Tomás Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42730 Jonathan Druart <jonathan.druart@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Failed QA --- Comment #2 from Jonathan Druart <jonathan.druart@gmail.com> --- koha-tmpl/intranet-tmpl/prog/js/fetch/booking-api-client.js: update: (booking_id, booking) => We use update: (object, id) => in all the other api-client files. You should also add it to js/vue/fetch/api-client.js to make it accessible from Vue apps. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42730 Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Failed QA |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42730 Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #199764|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42730 --- Comment #3 from Tomás Cohen Arazi (tcohen) <tomascohen@gmail.com> --- Created attachment 199831 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=199831&action=edit Bug 42730: Migrate place_booking.js $.post to api-client.js Replace direct $.post() and $.ajax() calls to /api/v1/bookings with the new BookingAPIClient, which uses http-client.js and automatically includes the CSRF token header. Signed-off-by: Tomás Cohen Arazi <tomascohen@theke.io> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42730 Jonathan Druart <jonathan.druart@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42730 Jonathan Druart <jonathan.druart@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #199831|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42730 --- Comment #4 from Jonathan Druart <jonathan.druart@gmail.com> --- Created attachment 200634 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=200634&action=edit Bug 42730: Migrate place_booking.js $.post to api-client.js Replace direct $.post() and $.ajax() calls to /api/v1/bookings with the new BookingAPIClient, which uses http-client.js and automatically includes the CSRF token header. Signed-off-by: Tomás Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org