Open
Description
Describe the bug
Certain Chrome Extensions (I only found LastPass) conflict with this Plugin at POST. The Token is not set as a POST value, so the Token verification always fails. By disabling LastPass, the Token verification is successful. Because LastPass changes the page after a login request, this issue happens during a login phase.
To Reproduce
- Install and enable LastPass from the Chrome Webstore.
- Login to LastPass.
- Open a page with CSRF Protector enabled with login inputs. LastPass should be present as an icon inside the inputs.
- After the login info is sent to the server, the Token verification fails.
Additional context
- PHP Version: 7.2
- Browser: Google Chrome, last version at the moment of writing.
I had this issue with LastPass, but it may happen with other browser plugins as well. It seems to override the Javascript function which retrieves the token and prepare it to be sent alongside the other POST values.