Mirrors/Part-DB-server
2
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2026-03-13 02:38:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

Use requestSubmit() in form cleanup controller to avoid CSFR issues

Browse Source 
See #1191
This commit is contained in:
Jan Böhmer
2026-01-18 22:24:17 +01:00
parent 131023da67
commit 09cc2ba8ff
2 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
assets/controllers/helpers/form_cleanup_controller.js
View File

@@ -62,6 +62,6 @@ export default class extends Controller {
element.disabled = true;
}
form.submit();
form.requestSubmit();
}
}
}

3
assets/js/webauthn_tfa.js
View File

@@ -198,6 +198,7 @@ class WebauthnTFA {
{
const resultField = document.getElementById('_auth_code');
resultField.value = JSON.stringify(data)
//requestSubmit() do not work here, probably because the submit is considered invalid. But as we do not use CSFR tokens, it should be fine.
form.submit();
}
@@ -232,4 +233,4 @@ class WebauthnTFA {
}
}
window.webauthnTFA = new WebauthnTFA();
window.webauthnTFA = new WebauthnTFA();