File tree Expand file tree Collapse file tree 1 file changed +4
-2
lines changed
symfony/stimulus-bundle/2.24/assets/controllers Expand file tree Collapse file tree 1 file changed +4
-2
lines changed Original file line number Diff line number Diff line change 11const nameCheck = / ^ [ - _ a - z A - Z 0 - 9 ] { 4 , 22 } $ / ;
2- const tokenCheck = / ^ [ - _ \ /+ a - z A - Z 0 - 9 ] { 24 , } $ / ;
2+ const tokenCheck = / ^ [ - _ / + a - z A - Z 0 - 9 ] { 24 , } $ / ;
33
44// Generate and double-submit a CSRF token in a form field and a cookie, as defined by Symfony's SameOriginCsrfTokenManager
5+ // Use `form.requestSubmit()` to ensure that the submit event is triggered. Using `form.submit()` will not trigger the event
6+ // and thus this event-listener will not be executed.
57document . addEventListener ( 'submit' , function ( event ) {
68 generateCsrfToken ( event . target ) ;
79} , true ) ;
@@ -33,8 +35,8 @@ export function generateCsrfToken (formElement) {
3335 if ( ! csrfCookie && nameCheck . test ( csrfToken ) ) {
3436 csrfField . setAttribute ( 'data-csrf-protection-cookie-value' , csrfCookie = csrfToken ) ;
3537 csrfField . defaultValue = csrfToken = btoa ( String . fromCharCode . apply ( null , ( window . crypto || window . msCrypto ) . getRandomValues ( new Uint8Array ( 18 ) ) ) ) ;
36- csrfField . dispatchEvent ( new Event ( 'change' , { bubbles : true } ) ) ;
3738 }
39+ csrfField . dispatchEvent ( new Event ( 'change' , { bubbles : true } ) ) ;
3840
3941 if ( csrfCookie && tokenCheck . test ( csrfToken ) ) {
4042 const cookie = csrfCookie + '_' + csrfToken + '=' + csrfCookie + '; path=/; samesite=strict' ;
You can’t perform that action at this time.
0 commit comments