[Koha-bugs] [Bug 22522] API authentication breaks with updated Mojolicious version
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Jun 30 04:39:20 CEST 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22522
--- Comment #84 from Victor Grousset/tuxayo <victor at tuxayo.net> ---
(In reply to Magnus Enger from comment #10)
> This fixes a major security problem, I'm upping the importance and changing
> the component from ILL to "REST API".
Wow, I missed that.
After a quick test I confirm that I can't do this (on 19.05 and 18.11):
> Test plan:
> 1. Without being logged in to Koha, access an endpoint directly
(such as /api/v1/patrons/{patron_id})
> 2. Notice results are received (which is bad since we're not authenticated)
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list