groove/Part-DB-server
1
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2026-01-19 16:49:34 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

Use requestSubmit() in form cleanup controller to avoid CSFR issues

Browse source 
See #1191
This commit is contained in:
Jan Böhmer 2026-01-18 22:24:17 +01:00
parent 131023da67
commit 09cc2ba8ff
2 changed files with 4 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
assets/controllers/helpers/form_cleanup_controller.js
View file

@ -62,6 +62,6 @@ export default class extends Controller {
element.disabled = true;
}
form.submit();
form.requestSubmit();
}
}
}

3
assets/js/webauthn_tfa.js
View file

@ -198,6 +198,7 @@ class WebauthnTFA {
{
const resultField = document.getElementById('_auth_code');
resultField.value = JSON.stringify(data)
//requestSubmit() do not work here, probably because the submit is considered invalid. But as we do not use CSFR tokens, it should be fine.
form.submit();
}
@ -232,4 +233,4 @@ class WebauthnTFA {
}
}
window.webauthnTFA = new WebauthnTFA();
window.webauthnTFA = new WebauthnTFA();