From b7c6c0b502e6c5904e154c514d1533904061f03a Mon Sep 17 00:00:00 2001
From: Tomas Cohen Arazi
Date: Fri, 1 Mar 2024 15:24:25 -0300
Subject: [PATCH] Bug 36193: Add more request information on Koha::Middleware::CSRF output

Signed-off-by: Tomas Cohen Arazi
Signed-off-by: Nick Clemens
Signed-off-by: Katrin Fischer
---
 Koha/Middleware/CSRF.pm | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/Koha/Middleware/CSRF.pm b/Koha/Middleware/CSRF.pm
index 41fd1438c2..afa581fa38 100644
--- a/Koha/Middleware/CSRF.pm
+++ b/Koha/Middleware/CSRF.pm
@@ -39,21 +39,25 @@ sub call {
 );
 my $original_op = $req->param('op');
- my $request_method = $req->method // q{};
+ my $request_method = $req->method // q{};
+ my $uri = $req->uri // q{};
+ my $referer = $req->referer // q{No referer};
+
 my ($error);
 if ( $stateless_methods{$request_method} && defined $original_op && $original_op =~ m{^cud-} ) {
- $error = sprintf "Programming error - op '%s' must not start with 'cud-' for %s", $original_op,
- $request_method;
+ $error = sprintf "Programming error - op '%s' must not start with 'cud-' for %s %s (referer: %s)", $original_op,
+ $request_method, $uri, $referer;
 } elsif ( $stateful_methods{$request_method} ) {
 # Get the CSRF token from the param list or the header
 my $csrf_token = $req->param('csrf_token') || $req->header('CSRF_TOKEN');
 if ( defined $req->param('op') && $original_op !~ m{^cud-} ) {
- $error = sprintf "Programming error - op '%s' must start with 'cud-' for %s", $original_op,
- $request_method;
+ $error = sprintf "Programming error - op '%s' must start with 'cud-' for %s %s (referer: %s)", $original_op,
+ $request_method, $uri, $referer;
 } elsif ( !$csrf_token ) {
- $error = sprintf "Programming error - No CSRF token passed for %s", $request_method;
+ $error = sprintf "Programming error - No CSRF token passed for %s %s (referer: %s)", $request_method,
+ $uri, $referer;
 } else {
 unless ( Koha::Token->new->check_csrf(
--
2.39.5
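Review bot: The three `$error` messages now interpolate `$uri` and `$referer`, both copied straight from the client request, so whatever consumes `$error` later in `call` (outside this hunk) receives attacker-controlled text; a Referer carrying CR/LF or markup can split log lines or, if the message is ever rendered unescaped, inject HTML. A one-line neutraliser after the two new `my` lines keeps the diagnostic useful while bounding it, e.g. `$_ = substr( "$_" =~ s/[^[:print:]]+/?/gr, 0, 512 ) for ( $uri, $referer );` (512 is a constructed cap; the double quotes also stringify the URI object up front). Assuming `$req` is a Plack::Request, `$req->uri` includes the query string, so on the stateless/GET branch the message may capture query parameters; `$req->path` gives the route without them if that is enough for diagnosis. Minor: the fallbacks are asymmetric (`q{}` for `$uri`, `q{No referer}` for `$referer`), so an explicit placeholder for an empty URI would make the two read the same way. `sub call` begins and ends outside this hunk.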