Fix CSRF tokens with non GET requests

putyourlightson · Aug 8, 2024 · e9011bc · e9011bc
1 parent a476a2b
commit e9011bc
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Release Notes for Sprig Core
 
+## 3.3.1 - 2024-08-08
+
+### Fixed
+
+- Fixed CSRF tokens not being sent with requests using a method other than `GET`.
+
 ## 3.3.0 - 2024-08-08
 
 ### Added

diff --git a/composer.json b/composer.json
@@ -1,7 +1,7 @@
 {
   "name": "putyourlightson/craft-sprig-core",
   "description": "A reactive Twig component framework for Craft.",
-  "version": "3.3.0",
+  "version": "3.3.1",
   "type": "craft-module",
   "license": "mit",
   "require": {

diff --git a/src/services/ComponentsService.php b/src/services/ComponentsService.php
@@ -429,7 +429,7 @@ private function parseSprigAttribute(array &$attributes): void
         $params = [];
         $method = strtolower($this->getSprigAttributeValue($attributes, 'method', 'get'));
 
-        if ($method === 'post') {
+        if ($method !== 'get') {
             $this->mergeJsonAttributes($attributes, 'headers', [
                 Request::CSRF_HEADER => Craft::$app->getRequest()->getCsrfToken(),
             ]);