https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37056
Bug ID: 37056
Summary: CSRF error on login when user js contains a fetch of
svc/report
Change sponsored?: ---
Product: Koha
Version: Main
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Architecture, internals, and plumbing
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
It is quite common for libraries to add JS to fetch report results using
svc/report on the intranet
Currently, this will break logins, because svc/report uses
"get_template_and_user" to verify against "intranet-main.tt"
This generates a new csrf token, and fails the login.
To recreate:
1 - Create a report
2 - Add to IntranetUserJs:
$(document).ready(function() {
// Your report ID
var reportId = '492';
// Fetch the report
$.get('/cgi-bin/koha/svc/report?id=' + reportId, function(data) {
console.log('Kaboom');
});
});
3 - Log out
4 - Attempt to login
5 - KO
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
