Bug 37741: Do not send cookie back from error pages

This change stops the cookie from being sent back from error pages,
so that backcalls that cause errors don't overwrite the existing cookie
used by the foreground request page.

Test plan:
0. Apply the patch and koha-plack --reload kohadev
1. Set syspref IntranetFavicon to http://localhost:8081/cgi-bin/koha/bad.jpg
2. Open browser developer tools
3. Go to http://localhost:8081/cgi-bin/koha/mainpage.pl
4. Open the Network tab, disable the cache, and shift refresh
5. Notice that bad.jpg fails to load with a 404
6. Try to log in to Koha
7. Confirm login works

*. Extra points if you note that the cookie returned by the first
mainpage.pl request is used for the bad.jpg lookup and the second
mainpage.pl request.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
David Cook 2024-08-27 01:48:58 +00:00 committed by Katrin Fischer
parent 7342209b34
commit e6a1d65c9a
Signed by: kfischer
GPG key ID: 0EF6E2C03357A834
12 changed files with 26 additions and 0 deletions


@ -41,4 +41,7 @@ my $status = '400 Bad Request';
if ( C4::Context->is_internal_PSGI_request() ) {
$status = '200 OK';
}
#NOTE: We're not setting/updating the cookie here
$cookie = '';
output_with_http_headers $query, $cookie, $template->output, 'html', $status;
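Review bot: The blanking at `$cookie = '';` only keeps the Set-Cookie header off the response if output_with_http_headers skips an empty cookie value, and that routine is not visible in this hunk. Worth confirming, and ideally asserting in an automated test that these error responses carry no Set-Cookie header, since the commit's test plan is manual. The added comment says what is done but not why; I would write `# Do not return a cookie from error pages: a failed background request must not overwrite the session cookie of the foreground page (Bug 37741)`. The same applies to the other eleven hunks on this page. `$cookie`, `$query` and `$template` are assigned above the hunk.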


@ -40,4 +40,6 @@ my $status = '401 Unauthorized';
if ( C4::Context->is_internal_PSGI_request() ) {
$status = '200 OK';
}
#NOTE: We're not setting/updating the cookie here
$cookie = '';
output_with_http_headers $query, $cookie, $template->output, 'html', $status;


@ -41,4 +41,6 @@ my $status = '402 Payment Required';
if ( C4::Context->is_internal_PSGI_request() ) {
$status = '200 OK';
}
#NOTE: We're not setting/updating the cookie here
$cookie = '';
output_with_http_headers $query, $cookie, $template->output, 'html', $status;


@ -43,4 +43,6 @@ my $status = '403 Forbidden';
if ( C4::Context->is_internal_PSGI_request() ) {
$status = '200 OK';
}
#NOTE: We're not setting/updating the cookie here
$cookie = '';
output_with_http_headers $query, $cookie, $template->output, 'html', $status;


@ -41,4 +41,7 @@ my $status = '404 Not Found';
if ( C4::Context->is_internal_PSGI_request() ) {
$status = '200 OK';
}
#NOTE: We're not setting/updating the cookie here
$cookie = '';
output_with_http_headers $query, $cookie, $template->output, 'html', $status;


@ -41,4 +41,6 @@ my $status = '500 Internal Server Error';
if ( C4::Context->is_internal_PSGI_request() ) {
$status = '200 OK';
}
#NOTE: We're not setting/updating the cookie here
$cookie = '';
output_with_http_headers $query, $cookie, $template->output, 'html', $status;


@ -41,4 +41,6 @@ my $status = '400 Bad Request';
if ( C4::Context->is_internal_PSGI_request() ) {
$status = '200 OK';
}
#NOTE: We're not setting/updating the cookie here
$cookie = '';
output_with_http_headers $query, $cookie, $template->output, 'html', $status;
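Review bot: The same two lines are now pasted into twelve error scripts (this hunk starts the second run of six statuses), so an error page added later will send the cookie again unless its author remembers the idiom. Consider passing the empty value at the call, `output_with_http_headers $query, '', $template->output, 'html', $status;`, or moving the decision into one shared helper so the no-cookie-on-error-pages rule is enforced in one place. Whether `$cookie` is read again after this point lies outside the hunk.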


@ -41,4 +41,6 @@ my $status = '401 Unauthorized';
if ( C4::Context->is_internal_PSGI_request() ) {
$status = '200 OK';
}
#NOTE: We're not setting/updating the cookie here
$cookie = '';
output_with_http_headers $query, $cookie, $template->output, 'html', $status;


@ -41,4 +41,6 @@ my $status = '402 Payment Required';
if ( C4::Context->is_internal_PSGI_request() ) {
$status = '200 OK';
}
#NOTE: We're not setting/updating the cookie here
$cookie = '';
output_with_http_headers $query, $cookie, $template->output, 'html', $status;


@ -43,4 +43,6 @@ my $status = '403 Forbidden';
if ( C4::Context->is_internal_PSGI_request() ) {
$status = '200 OK';
}
#NOTE: We're not setting/updating the cookie here
$cookie = '';
output_with_http_headers $query, $cookie, $template->output, 'html', $status;


@ -41,4 +41,6 @@ my $status = '404 Not Found';
if ( C4::Context->is_internal_PSGI_request() ) {
$status = '200 OK';
}
#NOTE: We're not setting/updating the cookie here
$cookie = '';
output_with_http_headers $query, $cookie, $template->output, 'html', $status;


@ -41,4 +41,6 @@ my $status = '500 Internal Server Error';
if ( C4::Context->is_internal_PSGI_request() ) {
$status = '200 OK';
}
#NOTE: We're not setting/updating the cookie here
$cookie = '';
output_with_http_headers $query, $cookie, $template->output, 'html', $status;