https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37040
Bug ID: 37040
Summary: ErrorDocument accidentally setting off CSRF
Change sponsored?: ---
Product: Koha
Version: Main
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5 - low
Component: Architecture, internals, and plumbing
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
As Michal Kula noted on Mattermost, trying to log into
http://localhost:8081/cgi-bin/koha/cataloguing/addbiblio.pl?biblionumber=9908
in main will yield a bizarre HTTP response that includes headers for a 403
response and a 200 response...
This is due to a bug in addbiblio.pl, but it's also causing the CSRF to fire
for the ErrorDocument, so we need to fix that. I have an idea for it...
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
