]> git.koha-community.org Git - koha.git/commit
Bug 37741: Do not send cookie back from error pages
authorDavid Cook <dcook@prosentient.com.au>
Tue, 27 Aug 2024 01:48:58 +0000 (01:48 +0000)
committerKatrin Fischer <katrin.fischer@bsz-bw.de>
Fri, 30 Aug 2024 10:45:45 +0000 (12:45 +0200)
commite6a1d65c9a0fe36c7c604613f9791e2b25149c08
treeeaa15d6271e6a3256f970f765e59755e1119e415
parent7342209b34d642935651e7b2275c3ca14656c4b1
Bug 37741: Do not send cookie back from error pages

This change stops the cookie from being sent back from error pages,
so that backcalls that cause errors don't overwrite the existing cookie
used by the foreground request page.

Test plan:
0. Apply the patch and koha-plack --reload kohadev
1. Set syspref IntranetFavicon to http://localhost:8081/cgi-bin/koha/bad.jpg
2. Open browser developer tools
3. Go to http://localhost:8081/cgi-bin/koha/mainpage.pl
4. Open the Network tab, disable the cache, and shift refresh
5. Notice that bad.jpg fails to load with a 404
6. Try to login to Koha
7. Confirm login works

*. Extra points if you note that the cookie returned by the first
mainpage.pl request is used for the bad.jpg lookup and the second
mainpage.pl request.

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
12 files changed:
errors/400.pl
errors/401.pl
errors/402.pl
errors/403.pl
errors/404.pl
errors/500.pl
opac/errors/400.pl
opac/errors/401.pl
opac/errors/402.pl
opac/errors/403.pl
opac/errors/404.pl
opac/errors/500.pl