CSRF-Protector-PHP icon indicating copy to clipboard operation
CSRF-Protector-PHP copied to clipboard

Published 20 hours ago verified publisher icon mebjas

Ajax form submission removing CSRF token on submit, and adding it back in after.

Open CassadyCampos opened this issue 2 years ago • 0 comments

Describe the bug I am submitting a form POST request via jquery on('submit'). What I've noticed is that it's being intercepted, it's removing the CSRF token, executing my ajax call then adding the CSRF token back.

I'm trying to understand why it would remove it and then execute the POST req.

The block of code seems to be this: /** * Add wrapper for HTMLFormElements addEventListener so that any further * addEventListens won't have trouble with CSRF token * todo - check for method */ HTMLFormElement.prototype.addEventListener_ = HTMLFormElement.prototype.addEventListener; HTMLFormElement.prototype.addEventListener = function(eventType, fun, bubble) { if (eventType === 'submit') { var wrapped = CSRFP.csrfpWrap(fun, this); this.addEventListener(eventType, wrapped, bubble); } else { this.addEventListener_(eventType, fun, bubble); } }; csrfpWrap is removing the CSRF token from my form request, executing it and then adding my CSRF token back after it starts the request.

Additional context

  • PHP Version (example: php 8.026)
  • Framework, if applicable - Jquery AJAX
  • Browser - Chrome

CassadyCampos avatar May 10 '23 19:05 CassadyCampos