https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41812
Bug ID: 41812
Summary: xt/find-missing-csrf.t failing when JS contains
csrf_token hidden input
Initiative type: ---
Sponsorship ---
status:
Product: Koha
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5 - low
Component: Test Suite
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
Depends on: 41565
commit 7a80a9be011071d504b7ed2aa2190433aed772a5
Bug 41565: Tidy kohaTable - bookings/list.tt
+ const csrf_token =
$('meta[name="csrf-token"]').attr("content");
result += `
<form name="checkout-transform" method="post"
action="/cgi-bin/koha/circ/circulation.pl?borrowernumber=%s">
- [% INCLUDE 'csrf-token.inc' %]
+ <input type="hidden" name="csrf_token"
value="${csrf_token}" />
<input type="hidden" name="op"
value="cud-checkout"/>
<input type="hidden" name="borrowernumber"
value="%s"/>
<input type="hidden" name="barcode"
value="%s"/>
This code injected the csrf token using the TT include file, that made pass
xt/find-missing-csrf.t
This bug removed the TT tags from the script tags, and we now need to use a JS
variable and retrieve the csrf token from the meta tag.
The test needs to be adjusted.
Referenced Bugs:
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41565
[Bug 41565] Tidy kohaTable block - bookings
--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
