https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42876
--- Comment #5 from David Cook <[email protected]> --- So having just one CSRF token for the session would be interesting, but it is worth noting that printing this same token in the HTML could lead to a breach attack, which is why libraries will typically mask the token value so that it's not repeatable across multiple requests: https://metacpan.org/pod/WWW::CSRF https://docs.djangoproject.com/en/6.0/howto/csrf/ -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
