Skip to content

feat: Freeform 5.11 #1998

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 7 commits into
base: v5
Choose a base branch
from
Open

feat: Freeform 5.11 #1998

wants to merge 7 commits into from

Conversation

kjmartens
Copy link
Contributor

@kjmartens kjmartens commented May 22, 2025

Changelog

  • feat(SFT-2077): add csrf auto-fetch for all forms, based on craft's async config value

Details

Form-Specific Email Templates

TBD

Form Monitoring Service

TBD

CSRF Token Auto-Fetch

The new auto-fetch mechanism for CSRF tokens for AJAX requests are sent from throughout Freeform, which are then added as X-Craft-Csrf headers to the requests. This new approach works in all scenarios and for cached templates out of the box, so there is no more need to fetch and replace CSRF tokens by yourself for cached pages.

Now the new CSRF auto-fetch mechanism only enables when Craft’s asyncCsrfInputs is set to true. When it is set to false a basic standard hidden input is generated into forms, just like before. When it is set to true the input is never added, and the token is fetched automatically upon request. (There is an exception if the form does not have AJAX enabled. Then the input is still added to the form).

There is a new setting that lets the user pick from two choices:

  • One fetches the token Once Per Page View, and reuses it (reduces the amount of additional AJAX requests)
  • Second fetches the token Every Time an AJAX request is made by Freeform (makes sure the “unable to verify submission” error never appears, as the token is always fresh).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

3 participants