https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=39305
Baptiste Wojtkowski (bwoj) <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #179188|0 |1 is obsolete| | --- Comment #10 from Baptiste Wojtkowski (bwoj) <[email protected]> --- Created attachment 179212 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=179212&action=edit Bug 39305: Display a warning on the about page if Plack is not running CSRF protection is only working if Koha is running under Plack. The about page is not showing any errors if plack is not running. Test plan: 0. Do not apply this patch 1. Go to the about page => Notice the "PSGI" entry in the "Server information" tab 2. Disable plack koha-plack --disable kohadev && restart_all 3. Go to the about page => Notice that the "PSGI" entry is not displayed, and nothing indicates that plack is not running 4. Apply this patch => "PSGI" now shows "Koha is running in CGI mode. This is a security issue! Use koha-plack --help" Better wording idea welcome. Signed-off-by: David Nind <[email protected]> Signed-off-by: Baptiste Wojtkowski <[email protected]> -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
