From f36c071f5be95894225311e06a944bbad50d49b5 Mon Sep 17 00:00:00 2001 From: Julian Maurice Date: Fri, 3 May 2024 09:17:37 +0200 Subject: [PATCH] Bug 36598: Fix CSRF header name (underscore -> hyphen) Signed-off-by: Victor Grousset/tuxayo Signed-off-by: Marcel de Rooy Signed-off-by: Katrin Fischer --- Koha/App/Plugin/CSRF.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Koha/App/Plugin/CSRF.pm b/Koha/App/Plugin/CSRF.pm index b24fef655a..579d0178bd 100644 --- a/Koha/App/Plugin/CSRF.pm +++ b/Koha/App/Plugin/CSRF.pm @@ -91,7 +91,7 @@ C<$req> must be a Mojo::Message::Request object sub is_csrf_valid { my ( $self, $req ) = @_; - my $csrf_token = $req->param('csrf_token') || $req->headers->header('CSRF_TOKEN'); + my $csrf_token = $req->param('csrf_token') || $req->headers->header('CSRF-TOKEN'); my $cookie = $req->cookie('CGISESSID'); if ( $csrf_token && $cookie ) { my $session_id = $cookie->value; -- 2.39.5