Ajax form submission removing CSRF token on submit, and adding it back in after. #156
Description
Describe the bug
I am submitting a form POST request via jquery on('submit').
What I've noticed is that it's being intercepted, it's removing the CSRF token, executing my ajax call then adding the CSRF token back.
I'm trying to understand why it would remove it and then execute the POST req.
The block of code seems to be this:
/**
* Add wrapper for HTMLFormElements addEventListener so that any further
* addEventListens won't have trouble with CSRF token
* todo - check for method
*/
HTMLFormElement.prototype.addEventListener_ = HTMLFormElement.prototype.addEventListener;
HTMLFormElement.prototype.addEventListener = function(eventType, fun, bubble) {
if (eventType === 'submit') {
var wrapped = CSRFP.csrfpWrap(fun, this);
this.addEventListener(eventType, wrapped, bubble);
} else {
this.addEventListener_(eventType, fun, bubble);
}
};
csrfpWrap is removing the CSRF token from my form request, executing it and then adding my CSRF token back after it starts the request.
Additional context
- PHP Version (example: php 8.026)
- Framework, if applicable - Jquery AJAX
- Browser - Chrome