feat(view): add csrf token in x-form (#1441)

brendt · web-flow · commit e4daa515e0bd · 2025-07-29T09:56:12.000+02:00
diff --git a/packages/view/src/Components/x-form.view.php b/packages/view/src/Components/x-form.view.php
@@ -16,5 +16,7 @@
 ?>
 
 <form :action="$action" :method="$method" :enctype="$enctype">
+    <x-csrf-token />
+
     <x-slot />
 </form>
diff --git a/tests/Integration/View/Components/FormComponentTest.php b/tests/Integration/View/Components/FormComponentTest.php
@@ -11,35 +11,37 @@ public function test_form(): void
     {
         $html = $this->render('<x-form />');
 
-        $this->assertSnippetsMatch('<form method="POST"></form>', $html);
+        $this->assertStringContainsString('<form', $html);
+        $this->assertStringContainsString('method="POST"', $html);
+        $this->assertStringContainsString('#csrf_token', $html);
     }
 
     public function test_form_with_body(): void
     {
         $html = $this->render('<x-form>hi</x-form>');
 
-        $this->assertSnippetsMatch('<form method="POST">hi</form>', $html);
+        $this->assertStringContainsString('hi', $html);
     }
 
     public function test_form_with_string_method(): void
     {
         $html = $this->render('<x-form method="GET" />');
 
-        $this->assertSnippetsMatch('<form method="GET"></form>', $html);
+        $this->assertStringContainsString('method="GET"', $html);
     }
 
     public function test_form_with_enum_method(): void
     {
         $html = $this->render('<x-form :method="' . Method::class . '::GET" />');
 
-        $this->assertSnippetsMatch('<form method="GET"></form>', $html);
+        $this->assertStringContainsString('method="GET"', $html);
     }
 
     public function test_form_with_action(): void
     {
         $html = $this->render('<x-form action="/submit" />');
 
-        $this->assertSnippetsMatch('<form action="/submit" method="POST"></form>', $html);
+        $this->assertStringContainsString('action="/submit" method="POST"', $html);
     }
 
     public function test_form_with_enctype(): void
diff --git a/tests/Integration/View/ViewComponentTest.php b/tests/Integration/View/ViewComponentTest.php
@@ -172,25 +172,6 @@ public function test_slots_is_a_reserved_variable(): void
         $this->render('', slots: []);
     }
 
-    public function test_nested_components(): void
-    {
-        $this->assertSnippetsMatch(
-            expected: <<<'HTML'
-            <form action="#" method="POST"><div><div><label for="a">a</label><input type="number" name="a" id="a"></div></div><div><label for="b">b</label><input type="text" name="b" id="b"></div></form>
-            HTML,
-            actual: $this->render(
-                <<<'HTML'
-                <x-form action="#">
-                    <div>
-                        <x-input name="a" label="a" type="number"></x-input>
-                    </div>
-                    <x-input name="b" label="b" type="text" />
-                </x-form>
-                HTML,
-            ),
-        );
-    }
-
     public function test_scope_does_not_leak_data(): void
     {
         $html = $this->render(<<<'HTML'

Original file line number	Diff line number	Diff line change
`@@ -11,35 +11,37 @@ public function test_form(): void`
`11`	`11`	`{`
`12`	`12`	`$html = $this->render('<x-form />');`
`13`	`13`
`14`		`- $this->assertSnippetsMatch('<form method="POST"></form>', $html);`
	`14`	`+ $this->assertStringContainsString('<form', $html);`
	`15`	`+ $this->assertStringContainsString('method="POST"', $html);`
	`16`	`+ $this->assertStringContainsString('#csrf_token', $html);`
`15`	`17`	`}`
`16`	`18`
`17`	`19`	`public function test_form_with_body(): void`
`18`	`20`	`{`
`19`	`21`	`$html = $this->render('<x-form>hi</x-form>');`
`20`	`22`
`21`		`- $this->assertSnippetsMatch('<form method="POST">hi</form>', $html);`
	`23`	`+ $this->assertStringContainsString('hi', $html);`
`22`	`24`	`}`
`23`	`25`
`24`	`26`	`public function test_form_with_string_method(): void`
`25`	`27`	`{`
`26`	`28`	`$html = $this->render('<x-form method="GET" />');`
`27`	`29`
`28`		`- $this->assertSnippetsMatch('<form method="GET"></form>', $html);`
	`30`	`+ $this->assertStringContainsString('method="GET"', $html);`
`29`	`31`	`}`
`30`	`32`
`31`	`33`	`public function test_form_with_enum_method(): void`
`32`	`34`	`{`
`33`	`35`	`$html = $this->render('<x-form :method="' . Method::class . '::GET" />');`
`34`	`36`
`35`		`- $this->assertSnippetsMatch('<form method="GET"></form>', $html);`
	`37`	`+ $this->assertStringContainsString('method="GET"', $html);`
`36`	`38`	`}`
`37`	`39`
`38`	`40`	`public function test_form_with_action(): void`
`39`	`41`	`{`
`40`	`42`	`$html = $this->render('<x-form action="/submit" />');`
`41`	`43`
`42`		`- $this->assertSnippetsMatch('<form action="/submit" method="POST"></form>', $html);`
	`44`	`+ $this->assertStringContainsString('action="/submit" method="POST"', $html);`
`43`	`45`	`}`
`44`	`46`
`45`	`47`	`public function test_form_with_enctype(): void`