git.koha-community.org Git - koha.git/commit
Bug 36560: Add a CSRF exception for ILS-DI API
author David Cook <dcook@prosentient.com.au>
Tue, 22 Oct 2024 02:06:18 +0000 (02:06 +0000)
committer Katrin Fischer <katrin.fischer@bsz-bw.de>
Fri, 25 Oct 2024 14:41:29 +0000 (16:41 +0200)
commit 8472279d5c91b277e1bca006887be8f9e6d4c7fa
tree c0e9304a273b4b5bc207e4e93c5c38c65c4aa292
parent ef3d6a03de65a344b3dcf1cc5d2b7c6ecef60233
Bug 36560: Add a CSRF exception for ILS-DI API

This change adds an exception for the ILS-DI API for CSRF prevention since there is no way to acquire a CSRF token
for the ILS-DI API.

1. Go to http://localhost:8081/cgi-bin/koha/admin/preferences.pl?op=search&searchfield=ILS-DI
2. Enable "ILS-DI"
3. curl -v localhost:8080/cgi-bin/koha/ilsdi.pl -d "service=AuthenticatePatron&username=REALUSER&password=REALPASSWORD"
4. Note the 403 response

5. Apply the patch
6. sudo koha-plack --restart kohadev

7. curl -v localhost:8080/cgi-bin/koha/ilsdi.pl -d "service=AuthenticatePatron&username=REALUSER&password=REALPASSWORD"
8. Note the 200 response

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Koha/Middleware/CSRF.pm