From d4a455425c140faf1bcd2ecab74e4c421c612080 Mon Sep 17 00:00:00 2001
From: Julian Maurice <julian.maurice@biblibre.com>
Date: Fri, 3 May 2024 09:17:37 +0200
Subject: [PATCH] Bug 36598: Fix CSRF header name (underscore -> hyphen)

Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
---
 Koha/App/Plugin/CSRF.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Koha/App/Plugin/CSRF.pm b/Koha/App/Plugin/CSRF.pm
index b24fef655a..579d0178bd 100644
--- a/Koha/App/Plugin/CSRF.pm
+++ b/Koha/App/Plugin/CSRF.pm
@@ -91,7 +91,7 @@ C<$req> must be a Mojo::Message::Request object
 sub is_csrf_valid {
     my ( $self, $req ) = @_;
 
-    my $csrf_token = $req->param('csrf_token') || $req->headers->header('CSRF_TOKEN');
+    my $csrf_token = $req->param('csrf_token') || $req->headers->header('CSRF-TOKEN');
     my $cookie     = $req->cookie('CGISESSID');
     if ( $csrf_token && $cookie ) {
         my $session_id = $cookie->value;
-- 
2.39.5