ENGCOM-6199: Prevent adding form keys to forms with external action URLs #25336

Author: VladimirZaets

lib/web/mage/common.js

@@ -20,8 +20,14 @@ define([
             var formKeyElement,
                 existingFormKeyElement,
                 isKeyPresentInForm,
+                isActionExternal,
+                baseUrl = window.BASE_URL,
                 form = $(e.target),
-                formKey = $('input[name="form_key"]').val();
+                formKey = $('input[name="form_key"]').val(),
+                formMethod = form.prop('method'),
+                formAction = form.prop('action');
+
+            isActionExternal = formAction.indexOf(baseUrl) !== 0;
 
             existingFormKeyElement = form.find('input[name="form_key"]');
             isKeyPresentInForm = existingFormKeyElement.length;
@@ -32,7 +38,7 @@ define([
                 isKeyPresentInForm = form.find('> input[name="form_key"]').length;
             }
 
-            if (formKey && !isKeyPresentInForm && form[0].method !== 'get') {
+            if (formKey && !isKeyPresentInForm && !isActionExternal && formMethod !== 'get') {
                 formKeyElement = document.createElement('input');
                 formKeyElement.setAttribute('type', 'hidden');
                 formKeyElement.setAttribute('name', 'form_key');