Kia ora koutou/Hello everyone,
We have several Koha integrations that require third-party systems to
call Koha ILS-DI endpoints.
For example, Bolinda (BorrowBox) which calls the GetPatronInfo ILS-DI
endpoint for authenticating users. Or the EBSCO EDS integration, which
can use Koha ILS-DI endpoints for fetching RTAC (Real-Time Availability
Check) data - alternatively, it can also integrate via Koha Z39.50.
Since Koha 24.05, ILS-DI requests for these integrations do not work,
because the Koha CSRF.pm
<https://git.koha-community.org/Koha-community/Koha/src/branch/main/Koha/Middleware/CSRF.pm>
file expects a CSRF token for all stateful methods (POST, PUT, DELETE,
PATCH requests), including ILS-DI endpoints.
As ILS-DI is designed to be used cross site, we would be interested to
hear the communities thoughts on what could, or should, be done to get
ILS-DI requests from third-party systems working again - given these
integrations do not pass through CSRF tokens.
To that end we have logged a bug report for having this conversation:
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37899 I will
also link this bug report from the community Mattermost Development channel.
We would be interested to hear your thoughts on the bug report.
Thanks so much, as always,
Alex
_______________________________________________
Koha-devel mailing list
Koha-devel@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : https://www.koha-community.org/
git : https://git.koha-community.org/
bugs : https://bugs.koha-community.org/
