http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14994
--- Comment #2 from Martin Persson <[email protected]> --- Created attachment 43691 --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=43691&action=edit Bug 14994 - Request proxy (added opac-proxy.pl) This patch adds a new opac page that is used as an endpoint for external web requests such as RSS feeds. This allows user scripts to pull data via XHR requests from external resources without violating the 'same-origin' restriction. I would appreciate some feedback on security implications of doing this. Might need to add some DoS protection etc. The script takes a single parameter; 'id', the number of the feed to retrieve. This is an offset into an array of URLs stored in the system preference named 'RequestProxyURL'. The offset i based on 1 to make it easier for non-technical people. The first feed is '1', '0' is invalid. Test plan: 1) Apply the syspref patch first. 2) Apply this patch. 3) Enable the request proxy by going into System Preferences, Web Services, set RequestProxyEnabled to 'yes' and enter a test URL such as: http://hyltebiblioteken.blogspot.se/feeds/posts/default and: http://bokbastisarna.blogspot.com/feeds/posts/default into RequestProxyURL. 4) Save and go to the new url: http://127.0.1.1/cgi-bin/koha/opac-proxy.pl?id=1 You should get the content of the first URL with 'id' = 1. With 'id' = 2 you should get the second URL. With 'id' = 3 you should get a 503 error. 5) Disable the service again, 'RequestProxyEnabled' = no. 6) Go back to the proxy url, you should now receive a 503 error even for valid feed id's AND for invalid ones. Sponsored-By: Halland County Library -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
