TRUNK-6283 - Fix the Invalid or Missing CSRF Token in the Legacy UI

(cherry picked from commit adcb16a)
openmrs · Nov 1, 2024 · 613ea56 · 613ea56
1 parent 3a6ff6c
commit 613ea56
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/webapp/src/main/webapp/WEB-INF/csrfguard.js b/webapp/src/main/webapp/WEB-INF/csrfguard.js
@@ -373,7 +373,7 @@ if (owaspCSRFGuardScriptHasLoaded !== true) {
                     hidden.setAttribute('name', tokenName);
                     hidden.setAttribute('value', value);
 
-                    form.appendChild(hidden);
+					form.insertBefore(hidden, form.firstChild);
                     //console.debug('Hidden input element [', hidden, '] was added to the form: ', form);
                 } else {
                     hiddenTokenFields.forEach(function (i) {