Description
Describe the bug
I have a form which is submitted with the jQuery $('#form').submit() with a target on a different page. When submitting I get a '403 Access Forbidden by CSRFProtector!' error. After debugging a bit I found that no tokens are being sent in the header of the request (but they are sent in the cookie). This is caused by the csrfprotector.js not intercepting the submit event and thus not attaching the tokens to the request. In the attached screenshot you can see that the csrfprotector.js is loaded but none of the breakpoints are hit when pressing the submit button.
To Reproduce
There is additional infrastructure that redirects the URLs to the correct PHP files (e.g. /some/path?command=list goes to the list PHP file). There is also a file where the CSRF protection is initialized.
test list PHP source
```php
<?php
class test_list {
    public function __construct()
    {
        global $sm, $db;
        $this->sm = $sm; // smarty
    }

    public function run() {
        $this->sm->display("test_save.html");
    }
}
?>
```
test save PHP source
```php
<?php
class test_save {
    public function __construct()
    {
    }

    public function run() {
        echo 'You made it!';
    }
}
?>
```
test_save.html
```html
<html>
<head>
    <title>Test case</title>
</head>
<body>
    <form id="form" name="form" method="post" action="">
        <input type="text" name="someText" />
    </form>
    <button id="submitButton">Submit</button>
</body>
<script type="text/javascript" language="javascript" src="/scripts/jquery-1.12/jquery.js"></script>
<script type="text/javascript" src="/admin/test/js/save.js"></script>
</html>
```
save.js
```js
$(document).ready(function() {
    $("#submitButton").click(function(event) {
        $('form#form').submit();
        return false;
    });
});
```
Expected behavior
The run method of the test_save.php file is executed
Error logs (Optional)
Additional context
- Smarty templating service is used
- Chrome, Safari