Dispatch event on CSRF form field value change (#1376)

smnandre · web-flow · commit 84862d352c50 · 2025-01-20T08:44:45.000+01:00
This allow support / compatibility with LiveComponent when action are done between form first render and submit (ex: another form submit with Turbo and double header check) See symfony/ux#2505
diff --git a/symfony/stimulus-bundle/2.20/assets/controllers/csrf_protection_controller.js b/symfony/stimulus-bundle/2.20/assets/controllers/csrf_protection_controller.js
@@ -15,6 +15,7 @@ document.addEventListener('submit', function (event) {
     if (!csrfCookie && nameCheck.test(csrfToken)) {
         csrfField.setAttribute('data-csrf-protection-cookie-value', csrfCookie = csrfToken);
         csrfField.defaultValue = csrfToken = btoa(String.fromCharCode.apply(null, (window.crypto || window.msCrypto).getRandomValues(new Uint8Array(18))));
+        csrfField.dispatchEvent(new Event('change', {bubbles: true}));
     }
 
     if (csrfCookie && tokenCheck.test(csrfToken)) {

Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,7 @@ document.addEventListener('submit', function (event) {`
`15`	`15`	`if (!csrfCookie && nameCheck.test(csrfToken)) {`
`16`	`16`	`csrfField.setAttribute('data-csrf-protection-cookie-value', csrfCookie = csrfToken);`
`17`	`17`	`csrfField.defaultValue = csrfToken = btoa(String.fromCharCode.apply(null, (window.crypto \|\| window.msCrypto).getRandomValues(new Uint8Array(18))));`
	`18`	`+ csrfField.dispatchEvent(new Event('change', {bubbles: true}));`
`18`	`19`	`}`
`19`	`20`
`20`	`21`	`if (csrfCookie && tokenCheck.test(csrfToken)) {`