From 29b420dff88eacf150e7ba4e9ee476514d58a3dd Mon Sep 17 00:00:00 2001
From: Tim Korn <45600940+DigitalTimK@users.noreply.github.com>
Date: Thu, 22 May 2025 18:48:53 +0200
Subject: [PATCH] Add a remark to submit-eventListener

---
 .../2.20/assets/controllers/csrf_protection_controller.js       | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/symfony/stimulus-bundle/2.20/assets/controllers/csrf_protection_controller.js b/symfony/stimulus-bundle/2.20/assets/controllers/csrf_protection_controller.js
index 2811f210b..ea43ebef8 100644
--- a/symfony/stimulus-bundle/2.20/assets/controllers/csrf_protection_controller.js
+++ b/symfony/stimulus-bundle/2.20/assets/controllers/csrf_protection_controller.js
@@ -2,6 +2,8 @@ const nameCheck = /^[-_a-zA-Z0-9]{4,22}$/;
 const tokenCheck = /^[-_\/+a-zA-Z0-9]{24,}$/;
 
 // Generate and double-submit a CSRF token in a form field and a cookie, as defined by Symfony's SameOriginCsrfTokenManager
+// Use `form.requestSubmit()` to ensure that the submit event is triggered. Using `form.submit()` will not trigger the event
+// and thus this event-listener will not be executed.
 document.addEventListener('submit', function (event) {
     generateCsrfToken(event.target);
 }, true);