diff --git a/symfony/stimulus-bundle/2.20/assets/controllers/csrf_protection_controller.js b/symfony/stimulus-bundle/2.20/assets/controllers/csrf_protection_controller.js index 2811f210b..ea43ebef8 100644 --- a/symfony/stimulus-bundle/2.20/assets/controllers/csrf_protection_controller.js +++ b/symfony/stimulus-bundle/2.20/assets/controllers/csrf_protection_controller.js @@ -2,6 +2,8 @@ const nameCheck = /^[-_a-zA-Z0-9]{4,22}$/; const tokenCheck = /^[-_\/+a-zA-Z0-9]{24,}$/; // Generate and double-submit a CSRF token in a form field and a cookie, as defined by Symfony's SameOriginCsrfTokenManager +// Use `form.requestSubmit()` to ensure that the submit event is triggered. Using `form.submit()` will not trigger the event +// and thus this event-listener will not be executed. document.addEventListener('submit', function (event) { generateCsrfToken(event.target); }, true);