After being locked out by a CSRF on a locally running docker instance while testing fhir-patint-domain, I would wish to use the qa-refapp.openmrs.org server as my FHIR testing OMRS instance since interacting with it via rest doesn’t require CSRF-Token.
However, it uses a FHR2 1.3.0 version hence misses latest changes. I would wish to upgrade this to have the latest build of FHIR2 module
I would think disabling the CSRF functionality can be the way to go if you are to use the docker instance since the property is being supported by only Platform 2.6.0 and docker instance is running a lower platform version. The settings are residing in csrfguard.properties file where you can disable the functionality by setting it to false
I would wish to upgrade this to have the latest build of FHIR2 module
@dkayiwa has of recent switched the qa-refapp to run the latest snapshot of fhir module as per the commit at Upgrade fhir to version 1.4.0-SNAPSHOT · openmrs/openmrs-distro-referenceapplication@672d0be · GitHub
setting owasp-csrf to false would be simple if i was using the sdk but using docker is hard (accessing running container files in docker isn’t such a simple thing)