Re: [Koha-devel] Koha CSRF protection

2024-04-13 Thread Julian Maurice via Koha-devel
ut an 'op' parameter, but will block a POST request with >> an >> 'op' parameter that does not start with 'cud-'. >> It looks like we could get rid of this prefix check without losing >> anything. What did I miss? >> >> On 04/03/2024 at 08:37, Marcel de Rooy via

Re: [Koha-devel] Koha CSRF protection

2024-04-13 Thread Tomas Cohen Arazi via Koha-devel
l allow a > >> POST > >> request without an 'op' parameter, but will block a POST request with > >> an > >> 'op' parameter that does not start with 'cud-'. > >> It looks like we could get rid of this prefix check without losing > >> anything. W

Re: [Koha-devel] Koha CSRF protection

2024-04-13 Thread Julian Maurice via Koha-devel
March 1, 2024 2:26 PM > *To:* Koha Devel ; Koha > > *Subject:* [Koha-devel] Koha CSRF protection > > Hello all! > > We have pushed the CSRF work from 34478 and related bugs today. We know > there are more follow-ups needed, and have filed a series of bugs under > an omnibus:

Re: [Koha-devel] Koha CSRF protection

2024-04-12 Thread Jonathan Druart via Koha-devel
> It looks like we could get rid of this prefix check without losing > anything. What did I miss? > > On 04/03/2024 at 08:37, Marcel de Rooy via Koha-devel wrote: > > Great work! > > > > *From:*Koha-devel *On > > Behalf Of *Nick Clemens via Koha-devel > >

Re: [Koha-devel] Koha CSRF protection

2024-04-12 Thread Julian Maurice via Koha-devel
t:* Friday, March 1, 2024 2:26 PM *To:* Koha Devel ; Koha *Subject:* [Koha-devel] Koha CSRF protection Hello all! We have pushed the CSRF work from 34478 and related bugs today. We know there are more follow-ups needed, and have filed a series of bugs under an omnibus: https://bug

Re: [Koha-devel] Koha CSRF protection

2024-03-03 Thread Marcel de Rooy via Koha-devel
Great work! From: Koha-devel On Behalf Of Nick Clemens via Koha-devel Sent: Friday, March 1, 2024 2:26 PM To: Koha Devel ; Koha Subject: [Koha-devel] Koha CSRF protection Hello all! We have pushed the CSRF work from 34478 and related bugs today. We know there are more follow-ups needed

Re: [Koha-devel] Koha CSRF protection

2024-03-01 Thread Tomas Cohen Arazi via Koha-devel
Congrats team! On Fri, 1 Mar 2024 at 10:26, Nick Clemens via Koha-devel (<koha-devel@lists.koha-community.org>) wrote: > Hello all! > > We have pushed the CSRF work from 34478 and related bugs today. We know > there are more follow-ups needed, and have filed a series of bugs under an >

[Koha-devel] Koha CSRF protection

2024-03-01 Thread Nick Clemens via Koha-devel
Hello all! We have pushed the CSRF work from 34478 and related bugs today. We know there are more follow-ups needed, and have filed a series of bugs under an omnibus: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36192 We have a framapad where issues can be reported/found: