From 92d7b5e86c614fa0c906939404974cf5a33b3b56 Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Mon, 26 Feb 2024 11:29:17 +0100 Subject: [PATCH] Bug 36148: Do not deal with CSRF error in get_template_and_user We deal with that in the middleware, we don't want 403.pl to early exit. If we notice that we actually need it (for other scripts), we could eventually add a new flag to get_template_and_user to skip the CSRF check, or build the template without using get_template_and_user for errors/* scripts. Signed-off-by: Jonathan Druart --- C4/Auth.pm | 4 ---- 1 file changed, 4 deletions(-) diff --git a/C4/Auth.pm b/C4/Auth.pm index 9c4c7842e6..44af94f33d 100644 --- a/C4/Auth.pm +++ b/C4/Auth.pm @@ -640,10 +640,6 @@ sub get_template_and_user { $template->param( logged_in_user => $patron ); $template->param( sessionID => $sessionID ); - if ( $ENV{'plack.middleware.Koha.CSRF'} ) { - C4::Output::output_and_exit( $in->{query}, $cookie, $template, $ENV{'plack.middleware.Koha.CSRF'} ); - } - return ( $template, $borrowernumber, $cookie, $flags ); } -- 2.39.5