From e79d407340ce8da1765ab72f9fffa938f66c69ac Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Wed, 15 May 2024 14:47:30 +0200 Subject: [PATCH] Bug 36863: Deal with non-listed methods in CSRF plack middleware Signed-off-by: Victor Grousset/tuxayo Signed-off-by: Chris Cormack Signed-off-by: Katrin Fischer --- Koha/Middleware/CSRF.pm | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Koha/Middleware/CSRF.pm b/Koha/Middleware/CSRF.pm index 88f7035c25..314c311aa6 100644 --- a/Koha/Middleware/CSRF.pm +++ b/Koha/Middleware/CSRF.pm @@ -77,6 +77,9 @@ sub call { } } } + elsif ( !exists $stateless_methods{$request_method} && !exists $stateful_methods{$request_method} ) { + $error = sprintf "unknown or unsupported method %s", $request_method; + } if ($error) {