projects / koha.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 34a3c3b) | patch
Bug 36351: Add CSRF tokens to advanced cataloguing editor POST requests
authorNick Clemens <nick@bywatersolutions.com>
Mon, 18 Mar 2024 17:28:56 +0000 (17:28 +0000)
committerKatrin Fischer <katrin.fischer@bsz-bw.de>
Wed, 20 Mar 2024 17:39:42 +0000 (18:39 +0100)
commit0cbc99a3739d6a90fa4c17bde9a47d99ec6d8a0a
tree3a5b9a7960a4ef927d7d5c66b1122de66d491a2etree | snapshot
parent34a3c3b8f69ac859758dfa0e1b732e8021e549c1commit | diff
Bug 36351: Add CSRF tokens to advanced cataloguing editor POST requests

The editor uses ajax post requests to SVC api.
Becuase these apis are XML based requests, they must be handled in the simplest way, by
embedding the token as a header

To test:
1 - Browse to Cataloguing->Advanced editor
2 - Fill out needed values and save
3 - 403 error
4 - Apply patch
5 - Reload and try agian, success!
6 - Edit and save again, success!

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
koha-tmpl/intranet-tmpl/lib/koha/cateditor/koha-backend.js diff | blob | history
koha-tmpl/intranet-tmpl/prog/js/fetch/api-client.js diff | blob | history
koha-tmpl/intranet-tmpl/prog/js/fetch/cataloguing-api-client.js [new file with mode: 0644] blob
Main Koha release repository