]> git.koha-community.org Git - koha.git/commit
Bug 36084: C4::Auth+plack.psgi for svc?
authorJonathan Druart <jonathan.druart@bugs.koha-community.org>
Mon, 12 Feb 2024 16:36:44 +0000 (17:36 +0100)
committerJonathan Druart <jonathan.druart@bugs.koha-community.org>
Fri, 1 Mar 2024 10:00:39 +0000 (11:00 +0100)
commitc6c8b66b74c5bc7ee7e715a55bfa3f451f48c4ea
treebc35261b2c1eb0230782b9f3e2f79b1c763b5636
parent59ae5d7b6d3d43bc076764d0e9b927b84efb83bb
Bug 36084: C4::Auth+plack.psgi for svc?

Suggestion to move the CSRF check to CGI->new so that we will check it
for every request, and it will cover svc scripts as well (they are not
using get_template_and_user).

The token will be retrieve from the param list *or the csrf_token
header* (do we want to name it x-koha-csrf-token instead?).

This will be done for *every* request that are not GET: CSRF token is now
required everywhere CGI is used (side-effects possible?).

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
C4/Auth.pm
debian/templates/plack.psgi