From bf427a2947113f73186c5de5f85479306e49daf5 Mon Sep 17 00:00:00 2001 From: David Cook Date: Fri, 2 Aug 2024 01:49:06 +0000 Subject: [PATCH] Bug 37553: Consistently send Csrf-Token in request header This change consistently sends the Csrf-Token in the request header. Previously, one POST sent it in the request body, while the other POST sent it in the request header. Since we're using an API, it's best for us to always send it in the request header Test plan: 0. Apply the patch 1. perl ./misc/migration_tools/koha-svc.pl \ http://localhost:8081/cgi-bin/koha/svc koha koha 29 > bib-29.xml 2. perl ./misc/migration_tools/koha-svc.pl \ http://localhost:8081/cgi-bin/koha/svc koha koha 29 bib-29.xml 3. Note that the following appears in STDOUT and there is no 403 error: "update 29 from bib-29.xml" Signed-off-by: David Nind Signed-off-by: Marcel de Rooy Signed-off-by: Katrin Fischer --- misc/migration_tools/koha-svc.pl | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/misc/migration_tools/koha-svc.pl b/misc/migration_tools/koha-svc.pl index 83c72a99be..929380fa87 100755 --- a/misc/migration_tools/koha-svc.pl +++ b/misc/migration_tools/koha-svc.pl @@ -110,7 +110,8 @@ sub new { my $resp = $ua->post( "$url/authentication", - { login_userid => $user, login_password => $password, csrf_token => $csrf_token } + 'Csrf-Token' => $csrf_token, + 'Content' => { login_userid => $user, login_password => $password } ); die $resp->status_line unless $resp->is_success; @@ -152,9 +153,11 @@ sub post { my $url = $self->{url}; warn "# post $url/bib/$biblionumber\n" if $self->{debug}; my $csrf_token = $self->{csrf_token}; - my $resp = $self->{ua}->post( - "$url/bib/$biblionumber", 'Content_type' => 'text/xml', Content => $marcxml, - csrf_token => $csrf_token + my $resp = $self->{ua}->post( + "$url/bib/$biblionumber", + 'Content_type' => 'text/xml', + 'Csrf_Token' => $csrf_token, + 'Content' => $marcxml, ); die $resp->status_line unless $resp->is_success; return $resp->decoded_content; -- 2.39.5