[Koha-bugs] [Bug 9401] Javascript used for tags handling wants access to CGISESSID cookie
bugzilla-daemon at bugs.koha-community.org
Wed Jan 16 06:55:10 CET 2013
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9401
--- Comment #1 from Galen Charlton <gmcharlt at gmail.com> ---
Created attachment 14617
--> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=14617&action=edit
bug 9401: remove direct reads of CGISESSID cookie by JavaScript
Having embedded JavaScript read the session cookie directly
is unnecessary and prevents the CGISESSID cookie being marked
httpOnly as a security measure. The only Koha JS attempting
this was the AJAX tags code.
To test:

- In general, verify that there are no regressions with
  adding tags in the OPAC or reviewing them in the staff interface.
- In specific, for the OPAC
  - log into the OPAC
  - retrieve a bib record
  - add a tag
  - refresh the bib details page to verify that the
    tag was added
  - make sure the TagsInputOnList syspref is on
  - perform a search
  - add a tag to more than one record from the search results page
  - repeat the preceding using the CCSR theme
- And in the staff interface
  - Go to the review tags tool
  - Reject a tag
  - Refresh to verify that the tag was rejected

Signed-off-by: Galen Charlton <gmc at esilibrary.com>
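
The two conditions the commit message ties together can be checked mechanically: that the CGISESSID cookie is issued with HttpOnly, and that no script still refers to the cookie by name (such code would break once the flag is set). The following is an added example, not part of the attached patch or of Koha's code; the function names, the sample headers and the sample script lines are all constructed for illustration.

```javascript
// Added example (not Koha code). All sample inputs below are constructed.
const SESSION_COOKIE = 'CGISESSID'; // cookie name taken from the bug title

// Parse one Set-Cookie header value into its name, value and attribute names.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = eq < 0 ? pair : pair.slice(0, eq);
  const value = eq < 0 ? '' : pair.slice(eq + 1);
  const attrs = new Set(rest.map((a) => a.split('=')[0].trim().toLowerCase()));
  return { name, value, attrs };
}

// True only when the session cookie is present and carries HttpOnly.
function sessionCookieIsHttpOnly(setCookieHeaders, name = SESSION_COOKIE) {
  const c = setCookieHeaders.map(parseSetCookie).find((x) => x.name === name);
  return Boolean(c) && c.attrs.has('httponly');
}

// List non-comment script lines that mention the session cookie by name.
// These are the places that depend on JavaScript seeing the cookie.
function findCookieReads(source, name = SESSION_COOKIE) {
  return source.split('\n')
    .map((text, i) => ({ line: i + 1, text: text.trim() }))
    .filter(({ text }) => text.includes(name) && !text.startsWith('//'));
}

// Constructed responses: the same cookie without and with the flag.
const sampleHeaders = {
  before: ['CGISESSID=0123abcd; path=/'],
  after: ['CGISESSID=0123abcd; path=/; HttpOnly'],
};

// Constructed script; readCookie and sendTag are hypothetical helpers.
const sampleScript = [
  '// copy the session id out of the cookie and post it with the tag',
  "var sid = readCookie('CGISESSID');",
  "sendTag({ tag: 'history', CGISESSID: sid });",
  "sendTag({ tag: 'history' }); // browser attaches the cookie itself",
].join('\n');

console.log('HttpOnly before:', sessionCookieIsHttpOnly(sampleHeaders.before));
console.log('HttpOnly after: ', sessionCookieIsHttpOnly(sampleHeaders.after));
for (const hit of findCookieReads(sampleScript)) {
  console.log(`line ${hit.line}: ${hit.text}`);
}
```

A same-origin AJAX request still carries an HttpOnly cookie in its Cookie header, so the last sample line keeps working after the flag is set while the two flagged lines do not.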