Ajax form submission removing CSRF token on submit, and adding it back in after. #156
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
I am submitting a form POST request via jquery on('submit').
What I've noticed is that it's being intercepted, it's removing the CSRF token, executing my ajax call then adding the CSRF token back.
I'm trying to understand why it would remove it and then execute the POST req.
The block of code seems to be this:
/**
* Add wrapper for HTMLFormElements addEventListener so that any further
* addEventListens won't have trouble with CSRF token
* todo - check for method
*/
HTMLFormElement.prototype.addEventListener_ = HTMLFormElement.prototype.addEventListener;
HTMLFormElement.prototype.addEventListener = function(eventType, fun, bubble) {
if (eventType === 'submit') {
var wrapped = CSRFP.csrfpWrap(fun, this);
this.addEventListener(eventType, wrapped, bubble);
} else {
this.addEventListener_(eventType, fun, bubble);
}
};
csrfpWrap is removing the CSRF token from my form request, executing it and then adding my CSRF token back after it starts the request.
Additional context
The text was updated successfully, but these errors were encountered: