Kia ora koutou/Hello everyone, We have several Koha integrations that require third-party systems to call Koha ILS-DI endpoints. For example, Bolinda (BorrowBox) which calls the GetPatronInfo ILS-DI endpoint for authenticating users. Or the EBSCO EDS integration, which can use Koha ILS-DI endpoints for fetching RTAC (Real-Time Availability Check) data - alternatively, it can also integrate via Koha Z39.50. Since Koha 24.05, ILS-DI requests for these integrations do not work, because the Koha CSRF.pm <https://git.koha-community.org/Koha-community/Koha/src/branch/main/Koha/Middleware/CSRF.pm> file expects a CSRF token for all stateful methods (POST, PUT, DELETE, PATCH requests), including ILS-DI endpoints. As ILS-DI is designed to be used cross site, we would be interested to hear the communities thoughts on what could, or should, be done to get ILS-DI requests from third-party systems working again - given these integrations do not pass through CSRF tokens. To that end we have logged a bug report for having this conversation: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37899 I will also link this bug report from the community Mattermost Development channel. We would be interested to hear your thoughts on the bug report. Thanks so much, as always, Alex