What happened?
When setting up freeform, the default value for the setting:
CSRF Token Refresh Method
You can control how CSRF tokens refresh by choosing between refreshing once per page view (recommended) or on every AJAX request. This helps ensure secure, automatic token handling even when using page caching.
Is set to Never.
But, the recommended option is:
Once Per Page View (recommended)
csrfRefresh: once
Shouldn't that be the default?
How can we reproduce this?
- Make a fresh install of freeform
Freeform Edition
Pro
Freeform Version
5.15.9
Craft Version
5.9.22
When did this issue start?
What happened?
When setting up freeform, the default value for the setting:
CSRF Token Refresh Method
You can control how CSRF tokens refresh by choosing between refreshing once per page view (recommended) or on every AJAX request. This helps ensure secure, automatic token handling even when using page caching.
Is set to Never.
But, the recommended option is:
Once Per Page View (recommended)
csrfRefresh: onceShouldn't that be the default?
How can we reproduce this?
Freeform Edition
Pro
Freeform Version
5.15.9
Craft Version
5.9.22
When did this issue start?