https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36094
--- Comment #25 from David Cook <[email protected]> --- (In reply to David Cook from comment #23) > Of course, at some point, we'll add CSRF protection to the REST API. For > that, we'll either require OAuth2 which doesn't need the CSRF tokens, or if > they are using Basic Auth, we'll need to require people to use cookies and > do something like 'GET /svc/authentication". Actually, looking at Koha/REST/V1/Auth.pm, it looks like neither OAuth2 or Basic Auth would need the CSRF. It's just the cookie auth that would need the CSRF protection, and that would just be from within Koha. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
