[Koha-bugs] [Bug 9401] Javascript used for tags handling wants access to CGISESSID cookie
bugzilla-daemon at bugs.koha-community.org
Fri Feb 1 11:02:39 CET 2013
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9401
M. de Rooy <m.de.rooy at rijksmuseum.nl> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #14617|0                           |1
        is obsolete|                            |
--- Comment #2 from M. de Rooy <m.de.rooy at rijksmuseum.nl> ---
Created attachment 14998
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=14998&action=edit
bug 9401: remove direct reads of CGISESSID cookie by JavaScript
Having embedded JavaScript read the session cookie directly
is unnecessary and prevents the CGISESSID cookie being marked
httpOnly as a security measure. The only Koha JS attempting
this was the AJAX tags code.
To test:
- In general, verify that there are no regressions with
  adding tags in the OPAC or reviewing them in the staff interface.
- In specific, for the OPAC
  - log into the OPAC
  - retrieve a bib record
  - add a tag
  - refresh the bib details page to verify that the
    tag was added
  - make sure the TagsInputOnList syspref is on
  - perform a search
  - add a tag to more than one record from the search results page
  - repeat the preceding using the CCSR theme
- And in the staff interface
  - Go to the review tags tool
  - Reject a tag
  - Refresh to verify that the tag was rejected
Signed-off-by: Galen Charlton <gmc at esilibrary.com>
Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl>
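Why the direct read has to be removed before CGISESSID can be marked httpOnly, as an added example that is not part of the original message or of Koha's code: it models which cookies `document.cookie` exposes to page scripts and flags a session cookie sent without HttpOnly. The header values, the `lang` cookie and all function names are constructed for illustration.

```javascript
// Added example, not Koha code. Header values are constructed samples.

// Parse one Set-Cookie header value into { name, value, httpOnly }.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // malformed: no cookie name
  const flags = new Set(attrs.map((a) => a.split("=")[0].toLowerCase()));
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), httpOnly: flags.has("httponly") };
}

// What a page script gets from document.cookie: the browser stores
// HttpOnly cookies and sends them on requests, but hides them from scripts.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .map(parseSetCookie)
    .filter((c) => c && !c.httpOnly)
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// Cookie lookup of the kind embedded page JavaScript performs (hypothetical helper).
function readCookie(cookieString, name) {
  for (const part of cookieString.split("; ")) {
    const eq = part.indexOf("=");
    if (eq > 0 && part.slice(0, eq) === name) return part.slice(eq + 1);
  }
  return null;
}

// Audit check: session cookie names that were set without HttpOnly.
function missingHttpOnly(setCookieHeaders, sessionNames = ["CGISESSID"]) {
  return setCookieHeaders
    .map(parseSetCookie)
    .filter((c) => c && sessionNames.includes(c.name) && !c.httpOnly)
    .map((c) => c.name);
}

const before = ["CGISESSID=constructed0123; path=/", "lang=en; path=/"];
const after = ["CGISESSID=constructed0123; path=/; HttpOnly", "lang=en; path=/"];
console.log(readCookie(scriptVisibleCookies(before), "CGISESSID")); // script can read the session id
console.log(readCookie(scriptVisibleCookies(after), "CGISESSID")); // null once HttpOnly is set
console.log(missingHttpOnly(before), missingHttpOnly(after));
```

Any script that still depends on `readCookie(..., "CGISESSID")` gets `null` once the flag is set, which is why the test plan above exercises the tag features end to end.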