Fix form behavior when response mode is form_post

This commit contains the following three fixes - Fix to automatically post the redirect form - Fix to prevent sending empty state when form_post - Fix to not send authenticity token when form_post
doorkeeper-gem · May 18, 2021 · 95224e7 · 95224e7
1 parent a56b1a5
commit 95224e7
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,7 @@ User-visible changes worth mentioning.
 - [#PR ID] Add your PR description here.
 - [#1502] Drop support for Ruby 2.4 because of EOL.
 - [#1504] Updated the url fragment in the comment.
+- [#1512] Fix form behavior when response mode is form_post.
 
 ## 5.5.1
 

diff --git a/app/views/doorkeeper/authorizations/form_post.html.erb b/app/views/doorkeeper/authorizations/form_post.html.erb
@@ -2,10 +2,14 @@
   <h1><%= t('.title') %></h1>
 </header>
 
-<main role="main" onload="document.forms[0].submit()">
-  <%= form_tag @pre_auth.redirect_uri, method: :post do %>
-    <% @authorize_response.body.each do |key, value| %>
-      <%= hidden_field_tag key, value %>
-    <% end %>
+<%= form_tag @pre_auth.redirect_uri, method: :post, name: :redirect_form, authenticity_token: false do %>
+  <% @authorize_response.body.compact.each do |key, value| %>
+    <%= hidden_field_tag key, value %>
   <% end %>
-</main>
+<% end %>
+
+<script>
+  window.onload = function () {
+    document.forms['redirect_form'].submit();
+  };
+</script>