[Bug 22522] New: ILL API breaks with updated Mojolicious version

classic Classic list List threaded Threaded
61 messages Options
123
Reply | Threaded
Open this post in threaded view
|

[Bug 22522] API authentication breaks with updated Mojolicious version

bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22522

--- Comment #84 from Victor Grousset/tuxayo <[hidden email]> ---
(In reply to Magnus Enger from comment #10)
> This fixes a major security problem, I'm upping the importance and changing
> the component from ILL to "REST API".

Wow, I missed that.

After a quick test I confirm that I can't do this (on 19.05 and 18.11):

> Test plan:
> 1. Without being logged in to Koha, access an endpoint directly
   (such as /api/v1/patrons/{patron_id})
> 2. Notice results are received (which is bad since we're not authenticated)

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
123