_______________________________________________Kia ora koutou/Hello everyone,
We have several Koha integrations that require third-party systems to call Koha ILS-DI endpoints.
For example, Bolinda (BorrowBox) which calls the GetPatronInfo ILS-DI endpoint for authenticating users. Or the EBSCO EDS integration, which can use Koha ILS-DI endpoints for fetching RTAC (Real-Time Availability Check) data - alternatively, it can also integrate via Koha Z39.50.
Since Koha 24.05, ILS-DI requests for these integrations do not work, because the Koha CSRF.pm file expects a CSRF token for all stateful methods (POST, PUT, DELETE, PATCH requests), including ILS-DI endpoints.
As ILS-DI is designed to be used cross site, we would be interested to hear the communities thoughts on what could, or should, be done to get ILS-DI requests from third-party systems working again - given these integrations do not pass through CSRF tokens.
To that end we have logged a bug report for having this conversation: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37899 I will also link this bug report from the community Mattermost Development channel.
We would be interested to hear your thoughts on the bug report.
Thanks so much, as always,
Alex
Koha-devel mailing list
Koha-devel@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : https://www.koha-community.org/
git : https://git.koha-community.org/
bugs : https://bugs.koha-community.org/