]> git.koha-community.org Git - koha.git/commit
Bug 36148: Move CSRF check to a Plack middleware
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Thu, 22 Feb 2024 14:16:08 +0000 (15:16 +0100)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Fri, 1 Mar 2024 10:01:03 +0000 (11:01 +0100)
commit4bd4b367dd1b23c8917aa0f1b5c655d49aaae063
tree7eaea14890e4a2db3ccd828a3b3a1a3e0a975363
parent82359cf0853e82ff01a2d1828c0450740ca433e2
Bug 36148: Move CSRF check to a Plack middleware

The easiest here is to not empty 'op' but instead redirect to an error
page.

Minor changes: to keep the patch simple it removed the 'dev only' error and
display the error for non-dev installs. It should not be a problem
anyway and will prevent errors to be hidden in the log.
We could make KOHA_ERROR an arrayref, but later (we don't need it now
anyway).

Note that the OPAC still not benefit from a friendly specific error for
invalid token.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
C4/Auth.pm
Koha/Middleware/CSRF.pm [new file with mode: 0644]
debian/templates/plack.psgi
koha-tmpl/intranet-tmpl/prog/en/includes/messages.inc