If the network connection between the end client and the Joget server is slower than expected, the end user may click the form submission button before the CSRF token has been obtained.

In this scenario, the user will hit an error page. To mitigate this, add the following script to the userview builder's "Custom Javascript":


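function checkCSRFEnableSubmit(){
    // check for the CSRF token field before enabling the form submit button
    // (.length is used instead of .size(), which newer jQuery versions no longer provide)
    var csrfValue = $("input[type=hidden][name=OWASP_CSRFTOKEN]").length;
    if(csrfValue > 0){
        // token field is present: enable button
        $("input[type=submit]").prop("disabled", false);
    }else{
        // token not there yet: check again in next cycle (1 second)
        setTimeout(checkCSRFEnableSubmit, 1000);
    }
}

$(function(){
    // only act on pages that contain a form
    if ($("form").length > 0){
        // keep submit buttons disabled until the token has been obtained
        $("input[type=submit]").prop("disabled", true);
        checkCSRFEnableSubmit();
    }
});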

The purpose of the script is to enable the submit button in any form only after the CSRF token is obtained.
