Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

csrf_field should have autocomplete="off", on mobile devices I will get page expired error when it autocompletes my password #48370

Closed
maxheckel opened this issue Sep 12, 2023 · 2 comments
Closed

csrf_field should have autocomplete="off", on mobile devices I will get page expired error when it autocompletes my password #48370

maxheckel opened this issue Sep 12, 2023 · 2 comments

Comments

@maxheckel
Copy link
Contributor

Laravel Version

10.4.1

PHP Version

8.2.0

Database Driver & Version

No response

Description

Should replace the csrf_token method with this:


if (! function_exists('csrf_field')) {
    /**
     * Generate a CSRF token form field.
     *
     * @return \Illuminate\Support\HtmlString
     */
    function csrf_field()
    {
        return new HtmlString('<input type="hidden" name="_token" autocomplete="off" value="'.csrf_token().'">');
    }
}

Steps To Reproduce

On mobile safari, log into a username/password form and have it store your password. Attempt to login again and use autocomplete, you will get a 419 page expired error.
@maxheckel maxheckel changed the title csrf_field should have autocomplete="off", on mobile devices I will get page expired errors when it autocompletes my password csrf_field should have autocomplete="off", on mobile devices I will get page expired error when it autocompletes my password Sep 12, 2023
@maxheckel maxheckel mentioned this issue Sep 12, 2023
Merged
@driesvints
Copy link
Member

I don't think this is a Laravel bug sorry.

@elminson
Copy link

elminson commented Dec 3, 2023
edited

@driesvints I think you are right and is a bug on Safari mobile version.
But now we are not w3c Validator compliant
#49223

@elminson elminson mentioned this issue Dec 3, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@driesvints @maxheckel @elminson