javascript: fix "form.submit is not a function" errors

zandbelt · zandbelt · commit ba21dc36778b · 2025-05-27T19:32:33.000+02:00
use HTMLFormElement.prototype.submit.call(document.forms[0]) on all
Javascript auto-submit POST forms; affects:
  - OpenID Connect Implicit response type (OIDCResponseType id_token *)
  - Form Post response type (OIDCResponseMode form_post)
  - send authentication request via POST binding
(OIDCProviderAuthRequestMethod POST)
  - preserving POST data (OIDCPreservePost On)

Signed-off-by: Hans Zandbelt &lt;hans.zandbelt@openidc.com&gt;
diff --git a/ChangeLog b/ChangeLog
@@ -1,5 +1,16 @@
 05/27/2025
 - fix usage of OIDCPreservePostTemplates, regression in 2.4.17; see #1325; thanks @perry19987
+- javascript: use HTMLFormElement.prototype.submit.call(document.forms[0]) on all Javascript
+  auto-submit POST forms to prevent browser Javascript error: "form.submit is not a function"
+  affects:
+    - OpenID Connect Implicit response type (OIDCResponseType id_token *)
+    - Form Post response type (OIDCResponseMode form_post)
+    - send authentication request via POST binding (OIDCProviderAuthRequestMethod POST)
+    - preserving POST data (OIDCPreservePost On)
+  see:
+     https://trackjs.com/blog/when-form-submit-is-not-a-function/ 
+     https://stackoverflow.com/questions/833032/submit-is-not-a-function-error-in-javascript
+     https://www.geeksforgeeks.org/how-to-solve-submit-is-not-a-function-error-in-javascript/
 
 05/22/2025
 - metrics: avoid possible segfault after restart twice; thanks @atzm
diff --git a/src/handle/response.c b/src/handle/response.c
@@ -150,11 +150,11 @@ apr_byte_t oidc_response_post_preserve_javascript(request_rec *r, const char *lo
 			return TRUE;
 	}
 
-	const char *jmethod = "preserveOnLoad";
+	const char *jmethod = "preserveOnLoad()";
 	const char *jscript = apr_psprintf(
 	    r->pool,
 	    "    <script type=\"text/javascript\">\n"
-	    "      function %s() {\n"
+	    "      function %s {\n"
 	    "        sessionStorage.setItem('mod_auth_openidc_preserve_post_params', JSON.stringify(%s));\n"
 	    "        %s"
 	    "      }\n"
@@ -179,7 +179,7 @@ static int oidc_response_post_preserved_restore(request_rec *r, const char *orig
 
 	oidc_debug(r, "enter: original_url=%s", original_url);
 
-	const char *method = "postOnLoad";
+	const char *method = "postOnLoad()";
 	const char *script =
 	    apr_psprintf(r->pool,
 			 "    <script type=\"text/javascript\">\n"
@@ -191,7 +191,7 @@ static int oidc_response_post_preserved_restore(request_rec *r, const char *orig
 			 "        }\n"
 			 "        return result;\n"
 			 "      }\n"
-			 "      function %s() {\n"
+			 "      function %s {\n"
 			 "        var mod_auth_openidc_preserve_post_params = "
 			 "JSON.parse(sessionStorage.getItem('mod_auth_openidc_preserve_post_params'));\n"
 			 "		 sessionStorage.removeItem('mod_auth_openidc_preserve_post_params');\n"
@@ -203,7 +203,7 @@ static int oidc_response_post_preserved_restore(request_rec *r, const char *orig
 			 "          document.forms[0].appendChild(input);\n"
 			 "        }\n"
 			 "        document.forms[0].action = \"%s\";\n"
-			 "        document.forms[0].submit();\n"
+			 "        HTMLFormElement.prototype.submit.call(document.forms[0]);\n"
 			 "      }\n"
 			 "    </script>\n",
 			 method, oidc_util_html_javascript_escape(r->pool, original_url));
diff --git a/src/handle/session_management.c b/src/handle/session_management.c
@@ -138,7 +138,7 @@ static int oidc_session_management_iframe_rp(request_rec *r, oidc_cfg_t *c, oidc
 	java_script = apr_psprintf(r->pool, java_script, origin, client_id, session_state ? session_state : "",
 				   login_uri ? login_uri : "", op_iframe_id, poll_interval, redirect_uri, redirect_uri);
 
-	return oidc_util_html_content_prep(r, OIDC_REQUEST_STATE_KEY_HTML, NULL, java_script, "setTimer", NULL);
+	return oidc_util_html_content_prep(r, OIDC_REQUEST_STATE_KEY_HTML, NULL, java_script, "setTimer()", NULL);
 }
 
 /*
diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c
@@ -977,7 +977,7 @@ static int oidc_javascript_implicit(request_rec *r, oidc_cfg_t *c) {
 	    "          document.forms[0].appendChild(input);\n"
 	    "        }\n"
 	    "        document.forms[0].action = window.location.href.substr(0, window.location.href.indexOf('#'));\n"
-	    "        document.forms[0].submit();\n"
+	    "        HTMLFormElement.prototype.submit.call(document.forms[0]);\n"
 	    "      }\n"
 	    "    </script>\n";
 
@@ -990,7 +990,7 @@ static int oidc_javascript_implicit(request_rec *r, oidc_cfg_t *c) {
 				"    </form>\n";
 
 	/* prepare HTML/Javascript page to be sent in the content handler */
-	return oidc_util_html_content_prep(r, OIDC_REQUEST_STATE_KEY_HTML, "Submitting...", java_script, "postOnLoad",
+	return oidc_util_html_content_prep(r, OIDC_REQUEST_STATE_KEY_HTML, "Submitting...", java_script, "postOnLoad()",
 					   html_body);
 }
 
diff --git a/src/proto/request.c b/src/proto/request.c
@@ -693,7 +693,7 @@ int oidc_proto_request_auth(request_rec *r, struct oidc_provider_t *provider, co
 
 		/* signal this to the content handler */
 		rv = oidc_util_html_content_prep(r, OIDC_REQUEST_STATE_KEY_AUTHN_POST, "Submitting...", NULL,
-						 "document.forms[0].submit", html_body);
+						 "HTMLFormElement.prototype.submit.call(document.forms[0])", html_body);
 
 	} else if (oidc_proto_profile_auth_request_method_get(provider) == OIDC_AUTH_REQUEST_METHOD_PAR) {
 
@@ -722,7 +722,7 @@ int oidc_proto_request_auth(request_rec *r, struct oidc_provider_t *provider, co
 			if (oidc_request_state_get(r, OIDC_REQUEST_STATE_KEY_HTTP) == NULL) {
 				/* signal this to the content handler */
 				rv = oidc_util_html_content_prep(r, OIDC_REQUEST_STATE_KEY_AUTHN_PRESERVE,
-								 "Preserving...", javascript, "preserveOnLoad",
+								 "Preserving...", javascript, "preserveOnLoad()",
 								 "<p>Preserving...</p>");
 			}
 		}
diff --git a/src/util/html.c b/src/util/html.c
@@ -188,9 +188,9 @@ int oidc_util_html_send(request_rec *r, const char *title, const char *html_head
 		     "  </body>\n"
 		     "</html>\n";
 
-	html = apr_psprintf(
-	    r->pool, html, title ? oidc_util_html_escape(r->pool, title) : "", html_head ? html_head : "",
-	    on_load ? apr_psprintf(r->pool, " onload=\"%s()\"", on_load) : "", html_body ? html_body : "<p></p>");
+	html = apr_psprintf(r->pool, html, title ? oidc_util_html_escape(r->pool, title) : "",
+			    html_head ? html_head : "", on_load ? apr_psprintf(r->pool, " onload=\"%s\"", on_load) : "",
+			    html_body ? html_body : "<p></p>");
 
 	return oidc_util_http_send(r, html, _oidc_strlen(html), OIDC_HTTP_CONTENT_TYPE_TEXT_HTML, status_code);
 }
diff --git a/test/post_restore.template b/test/post_restore.template
@@ -23,7 +23,7 @@
 					document.forms[0].appendChild(input);
 				}
 				document.forms[0].action = "%s";
-				document.forms[0].submit();
+				HTMLFormElement.prototype.submit.call(document.forms[0]);
 			}
 		</script>			
 	</head>

Original file line number	Diff line number	Diff line change
`@@ -138,7 +138,7 @@ static int oidc_session_management_iframe_rp(request_rec r, oidc_cfg_t c, oidc`
`138`	`138`	`java_script = apr_psprintf(r->pool, java_script, origin, client_id, session_state ? session_state : "",`
`139`	`139`	`login_uri ? login_uri : "", op_iframe_id, poll_interval, redirect_uri, redirect_uri);`
`140`	`140`
`141`		`- return oidc_util_html_content_prep(r, OIDC_REQUEST_STATE_KEY_HTML, NULL, java_script, "setTimer", NULL);`
	`141`	`+ return oidc_util_html_content_prep(r, OIDC_REQUEST_STATE_KEY_HTML, NULL, java_script, "setTimer()", NULL);`
`142`	`142`	`}`
`143`	`143`
`144`	`144`	`/*`
Original file line number	Diff line number	Diff line change
`@@ -693,7 +693,7 @@ int oidc_proto_request_auth(request_rec r, struct oidc_provider_t provider, co`
`693`	`693`
`694`	`694`	`/* signal this to the content handler */`
`695`	`695`	`rv = oidc_util_html_content_prep(r, OIDC_REQUEST_STATE_KEY_AUTHN_POST, "Submitting...", NULL,`
`696`		`- "document.forms[0].submit", html_body);`
	`696`	`+ "HTMLFormElement.prototype.submit.call(document.forms[0])", html_body);`
`697`	`697`
`698`	`698`	`} else if (oidc_proto_profile_auth_request_method_get(provider) == OIDC_AUTH_REQUEST_METHOD_PAR) {`
`699`	`699`
`@@ -722,7 +722,7 @@ int oidc_proto_request_auth(request_rec r, struct oidc_provider_t provider, co`
`722`	`722`	`if (oidc_request_state_get(r, OIDC_REQUEST_STATE_KEY_HTTP) == NULL) {`
`723`	`723`	`/* signal this to the content handler */`
`724`	`724`	`rv = oidc_util_html_content_prep(r, OIDC_REQUEST_STATE_KEY_AUTHN_PRESERVE,`
`725`		`- "Preserving...", javascript, "preserveOnLoad",`
	`725`	`+ "Preserving...", javascript, "preserveOnLoad()",`
`726`	`726`	`"<p>Preserving...</p>");`
`727`	`727`	`}`
`728`	`728`	`}`
Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@`
`23`	`23`	`document.forms[0].appendChild(input);`
`24`	`24`	`}`
`25`	`25`	`document.forms[0].action = "%s";`
`26`		`- document.forms[0].submit();`
	`26`	`+ HTMLFormElement.prototype.submit.call(document.forms[0]);`
`27`	`27`	`}`
`28`	`28`	`</script>`
`29`	`29`	`</head>`