[Koha-bugs] [Bug 36414] Consequent workflow stages form submit fail due to CSRF token conflict
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36414 Martin Renvoize changed: What|Removed |Added CC|martin.renvoize@ptfs-europe | |.com| -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36414] Consequent workflow stages form submit fail due to CSRF token conflict
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36414 Fridolin Somers changed: What|Removed |Added Status|Pushed to main |Needs documenting CC||fridolin.som...@biblibre.co ||m --- Comment #8 from Fridolin Somers --- Not for 23.11.x -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36414] Consequent workflow stages form submit fail due to CSRF token conflict
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36414 --- Comment #7 from Katrin Fischer --- Pushed for 24.05! Well done everyone, thank you! -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36414] Consequent workflow stages form submit fail due to CSRF token conflict
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36414 Katrin Fischer changed: What|Removed |Added Status|Passed QA |Pushed to main Version(s)||24.05.00 released in|| -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36414] Consequent workflow stages form submit fail due to CSRF token conflict
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36414 --- Comment #6 from Katrin Fischer --- (In reply to Nick Clemens (kidclamp) from comment #5) > Untested, makes sense, simple patch, passing QA ... I'd be more confident with another SO or without that note ;) -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36414] Consequent workflow stages form submit fail due to CSRF token conflict
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36414 Nick Clemens (kidclamp) changed: What|Removed |Added CC||n...@bywatersolutions.com Status|Signed Off |Passed QA --- Comment #5 from Nick Clemens (kidclamp) --- Untested, makes sense, simple patch, passing QA -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36414] Consequent workflow stages form submit fail due to CSRF token conflict
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36414 --- Comment #4 from Nick Clemens (kidclamp) --- Created attachment 166726 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=166726=edit Bug 36414: OPAC - Skip csrf_token Skip csrf_token field if it already exists and is coming from a previous workflow stage form submission, as it's already included at the start of the form. The test plan requires EDS credentials in order to be followed. I'm available to help others through this test plan if required. Otherwise, I believe the code is simple enough to understand and follow what it's fixing without testing. Test plan: 1) Install an ILL availabililty plugin, e.g.: https://github.com/PTFS-Europe/koha-plugin-ill-avail-eds 3) Configure the plugin and add EDS credentials 4) Enable ILLCheckAvailability sys pref 5) Enable ILLModuleDisclaimerByType by copying the example YAML block in the sys pref description 6) Create a new ILL request of type 'Book' and add a DOI 7) You should now be on the availabililty stage, click 'Continue adding your request' 8) You should now be on the type disclaimer stage, click 'Create' 9) Notice 'Wrong CSRF token' error. This happens because the type disclaimer stage is adding its own CSRF token in addition to the CSRF token coming from the previous availabililty stage 10) Apply patch. Repeat. No error -> Request is created as expected. 11) Do the same test plan on both Staff UI and OPAC Signed-off-by: Nick Clemens -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36414] Consequent workflow stages form submit fail due to CSRF token conflict
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36414 Nick Clemens (kidclamp) changed: What|Removed |Added Attachment #163785|0 |1 is obsolete|| Attachment #163786|0 |1 is obsolete|| --- Comment #3 from Nick Clemens (kidclamp) --- Created attachment 166725 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=166725=edit Bug 36414: Staff UI - Skip csrf_token Skip csrf_token field if it already exists and is coming from a previous workflow stage form submission, as it's already included at the start of the form. Signed-off-by: Nick Clemens -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36414] Consequent workflow stages form submit fail due to CSRF token conflict
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36414 Nick Clemens (kidclamp) changed: What|Removed |Added Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36414] Consequent workflow stages form submit fail due to CSRF token conflict
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36414 Pedro Amorim changed: What|Removed |Added Assignee|koha-b...@lists.koha-commun |pedro.amo...@ptfs-europe.co |ity.org |m -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36414] Consequent workflow stages form submit fail due to CSRF token conflict
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36414 Pedro Amorim changed: What|Removed |Added Patch complexity|--- |Trivial patch CC||lu...@bywatersolutions.com, ||nug...@gmail.com -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36414] Consequent workflow stages form submit fail due to CSRF token conflict
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36414 Pedro Amorim changed: What|Removed |Added Severity|enhancement |normal -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36414] Consequent workflow stages form submit fail due to CSRF token conflict
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36414 --- Comment #2 from Pedro Amorim --- Created attachment 163786 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=163786=edit Bug 36414: OPAC - Skip csrf_token Skip csrf_token field if it already exists and is coming from a previous workflow stage form submission, as it's already included at the start of the form. The test plan requires EDS credentials in order to be followed. I'm available to help others through this test plan if required. Otherwise, I believe the code is simple enough to understand and follow what it's fixing without testing. Test plan: 1) Install an ILL availabililty plugin, e.g.: https://github.com/PTFS-Europe/koha-plugin-ill-avail-eds 3) Configure the plugin and add EDS credentials 4) Enable ILLCheckAvailability sys pref 5) Enable ILLModuleDisclaimerByType by copying the example YAML block in the sys pref description 6) Create a new ILL request of type 'Book' and add a DOI 7) You should now be on the availabililty stage, click 'Continue adding your request' 8) You should now be on the type disclaimer stage, click 'Create' 9) Notice 'Wrong CSRF token' error. This happens because the type disclaimer stage is adding its own CSRF token in addition to the CSRF token coming from the previous availabililty stage 10) Apply patch. Repeat. No error -> Request is created as expected. 11) Do the same test plan on both Staff UI and OPAC -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36414] Consequent workflow stages form submit fail due to CSRF token conflict
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36414 --- Comment #1 from Pedro Amorim --- Created attachment 163785 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=163785=edit Bug 36414: Staff UI - Skip csrf_token Skip csrf_token field if it already exists and is coming from a previous workflow stage form submission, as it's already included at the start of the form. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36414] Consequent workflow stages form submit fail due to CSRF token conflict
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36414 Pedro Amorim changed: What|Removed |Added Status|NEW |Needs Signoff -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 36414] Consequent workflow stages form submit fail due to CSRF token conflict
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36414 Pedro Amorim changed: What|Removed |Added CC||da...@davidnind.com, ||jonathan.dru...@gmail.com, ||martin.renvoize@ptfs-europe ||.com -- You are receiving this mail because: You are watching all bug changes. ___ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
