https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42066
Bug ID: 42066
Summary: CSRF-token sometimes missing from pages
Initiative type: ---
Sponsorship status: ---
Product: Koha
Version: Main
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5 - low
Component: OPAC
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
To reproduce in KTD:
- In your console, keep an eye on the logs:
    $ sudo tail -f /var/log/koha/kohadev/plack*.log
- Open the SCO main page (http://localhost:8080/cgi-bin/koha/sco/sco-main.pl)
  in your browser, but do not do anything there
- Remove the path from the URL, in the address bar of your browser, so you just
  have http://localhost:8080/, and press enter
- Use Ctrl+u or "developer tools" to view the source of the front page, search
  for "csrf" and verify the elements that should contain the csrf token are
  empty:
    <meta name="csrf-token" content="" />
    <input type="hidden" name="csrf_token" value="" />
- Log in and verify you get an error like this:
    Error 403
    This message can have the following reason(s):
    An unexpected error occurred while processing your request.
- Check the logs and verify you have an error like this:
    ==> /var/log/koha/kohadev/plack-opac-error.log <==
    [2026/03/11 08:12:41] [WARN] Programming error - No CSRF token passed for
    POST http://localhost:8080/opac/opac-main.pl (referer: http://localhost:8080/)
    at /kohadevbox/koha/Koha/Middleware/CSRF.pm line 97.
Moving from SCO to the main page like this is probably not something that
happens too often, but perhaps there is some underlying problem that can also
affect other parts of Koha?
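Added example, not part of the original report and not Koha code: a Python check that flags the two empty token elements quoted in the reproduction steps and extracts the rejected request from the plack warning. The function names and the token value in HEALTHY_PAGE are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Markup and log text as quoted in the report above.
REPORTED_PAGE = '''<meta name="csrf-token" content="" />
<input type="hidden" name="csrf_token" value="" />'''
REPORTED_LOG = '''[2026/03/11 08:12:41] [WARN] Programming error - No CSRF token passed for
POST http://localhost:8080/opac/opac-main.pl (referer: http://localhost:8080/)
at /kohadevbox/koha/Koha/Middleware/CSRF.pm line 97.'''
# Constructed sample: the same elements with a placeholder token filled in.
HEALTHY_PAGE = '''<meta name="csrf-token" content="PLACEHOLDER-TOKEN" />
<input type="hidden" name="csrf_token" value="PLACEHOLDER-TOKEN" />'''

class CsrfTokenAudit(HTMLParser):
    """Collect every element that is supposed to carry the CSRF token."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, attribute holding the token, value)

    def handle_starttag(self, tag, attrs):  # also called for <tag ... />
        a = dict(attrs)
        if tag == "meta" and a.get("name") == "csrf-token":
            self.findings.append(("meta", "content", a.get("content") or ""))
        elif tag == "input" and a.get("name") == "csrf_token":
            self.findings.append(("input", "value", a.get("value") or ""))

def audit_page(html):
    """Return how many token elements exist and which of them are empty."""
    audit = CsrfTokenAudit()
    audit.feed(html)
    audit.close()
    empty = [(t, attr) for t, attr, v in audit.findings if not v.strip()]
    return {"present": len(audit.findings), "empty": empty}

LOG_RE = re.compile(r"No CSRF token passed for (?P<method>[A-Z]+) "
                    r"(?P<url>\S+) \(referer: (?P<referer>[^)]*)\)")

def missing_token_requests(log_text):
    """Find rejected requests; whitespace is collapsed to undo line wrapping."""
    joined = " ".join(log_text.split())
    return [m.groupdict() for m in LOG_RE.finditer(joined)]

if __name__ == "__main__":
    print(audit_page(REPORTED_PAGE))
    print(audit_page(HEALTHY_PAGE))
    print(missing_token_requests(REPORTED_LOG))
```

A result with "present" equal to 0 means the page has no token elements at all, which is a different condition from the empty values reported here.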