After being locked out by a CSRF on a locally running docker instance while testing fhir-patint-domain, I would wish to use the qa-refapp.openmrs.org server as my FHIR testing OMRS instance since interacting with it via rest doesn’t require CSRF-Token.
However, it uses a FHR2 1.3.0 version hence misses latest changes. I would wish to upgrade this to have the latest build of FHIR2 module
cc @dkayiwa @ibacher @kdaud @sharif
I would think disabling the CSRF functionality can be the way to go if you are to use the docker instance since the property is being supported by only Platform 2.6.0 and docker instance is running a lower platform version. The settings are residing in csrfguard.properties file where you can disable the functionality by setting it to
I would wish to upgrade this to have the latest build of FHIR2 module
@dkayiwa has of recent switched the qa-refapp to run the latest snapshot of fhir module as per the commit at Upgrade fhir to version 1.4.0-SNAPSHOT · openmrs/openmrs-distro-referenceapplication@672d0be · GitHub
setting owasp-csrf to false would be simple if i was using the sdk but using docker is hard (accessing running container files in docker isn’t such a simple thing)
Thank you @kdaud @dkayiwa It is now referencing the latest
@jnsereko Are you now sorted. Do you mind explaining what exactly you did and you are good to go ?.
@dkayiwa merged a PR that upgraded the version