Web OPAC /goto uncertified relocate
- Product: Aleph
- Product Version: 22,23,24
- Relevant for Installation Type: Multi-Tenant Direct, Dedicated-Direct, Local, TotalCare
Description
With the default Apache configuration it is currently possible to relocate to a different page using option /goto.
Resolution
In order to prevent uncertified relocation to a different page or Website, it is highly recommended that Aleph customers implement the following
For customers not using Patron Directory Service (PDS)*
1. Remove section <Location /goto> from the Apache configuration
/alephe/apache/conf/httpd.conf
<Location /goto>
SetHandler perl-script
PerlResponseHandler Relocate
</Location>
Restart apache
apcb
./apachectl_restart
PDS customers
Follow implementation notes of rc 3125 (Version 22)
1) Verify that the file uncertified-host-goto-error exists under ./pds/html_form/global directory.
If the file doesn't exist, run the following command:
cp uncertified-host-error uncertified-host-goto-error
2) Verify that ./pds/conf_table/general_conf file is configured with the allowed hosts:
[ALLOWED_HOSTS]
HOSTS = <my host domain>
CHECK = Y
[END]
Additional Information
How do I know if my institution is using PDS in the Aleph system?
Check the configuration of
$alephe/tab/tab100
PDS-AWARE=Y - your institution is using PDS - follow the instructions of 'PDS customers'
PDS-AWARE=N - your institution is not using PDS - follow the instructions of 'for customers not using Patron Directory Service (PDS)'
- Article last edited: 14-Nov-2023