Merge pull request #1371 from symfony/autocomplete-off

[stimulus-bundle] Use defaultValue to change the value of hidden CSRF fields
symfony · Jan 6, 2025 · 7e10c1d · 7e10c1d
2 parents d061eb3 + b14ca06
commit 7e10c1d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/symfony/stimulus-bundle/2.20/assets/controllers/csrf_protection_controller.js b/symfony/stimulus-bundle/2.20/assets/controllers/csrf_protection_controller.js
@@ -14,7 +14,7 @@ document.addEventListener('submit', function (event) {
 
     if (!csrfCookie && nameCheck.test(csrfToken)) {
         csrfField.setAttribute('data-csrf-protection-cookie-value', csrfCookie = csrfToken);
-        csrfField.value = csrfToken = btoa(String.fromCharCode.apply(null, (window.crypto || window.msCrypto).getRandomValues(new Uint8Array(18))));
+        csrfField.defaultValue = csrfToken = btoa(String.fromCharCode.apply(null, (window.crypto || window.msCrypto).getRandomValues(new Uint8Array(18))));
     }
 
     if (csrfCookie && tokenCheck.test(csrfToken)) {