I recently updated the site from Magento 2.4.3 to 2.4.6. Since then a custom form (that works in other browsers, e.g. Chrome and Firefox) is redirecting to the homepage upon Submit in Safari.
In the Javascript console the only errors shown are CSP errors.
In the Magento logs there are no errors being thrown.
I have tried:
- Ensuring the form key is on the page. From inspecting the page it looks to me like the form key is being set properly
- Per this question, I have tried changing the cookie settings
- I have set a breakpoint in the PHP side of the form which doesn’t seem to be hitting, so I believe the form is never actually being submitted but instead something on the front end is causing issues.
Code is below:
RecurringService/view/frontend/templates/pageactions.phtml
<?php declare(strict_types=1);
use RecurringServiceViewModelFormKey;
/** @var FormKey $viewModel */
$viewModel = $block->getViewModel();
?>
<?php if ($block->getChildHtml()) : ?>
<script>
var FORM_KEY = '<?= /* @noEscape */ $viewModel->getFormKey() ?>';
</script>
<div>
<?= $block->getChildHtml() ?>
</div>
<?php endif; ?>
RecurringService/view/frontend/layout/recurring_schedule_index.xml
<?xml version="1.0"?>
<page xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="urn:magento:framework:View/Layout/etc/page_configuration.xsd">
<update handle="customer_account"/>
<body>
<referenceBlock name="page.main.title">
<action method="setPageTitle">
<argument translate="true" name="title" xsi:type="string">My Service Schedule</argument>
</action>
</referenceBlock>
<referenceContainer name="content">
<block class="MagentoCmsBlockBlock" name="service_schedule_description">
<arguments>
<argument name="block_id" xsi:type="string">service-schedule-description</argument>
</arguments>
</block>
<uiComponent name="service_schedule_form"/>
<block class="MagentoFrameworkViewElementTemplate"
cacheable="false"
name="page.actions.toolbar" template="RecurringService::pageactions.phtml">
<arguments>
<argument name="view_model" xsi:type="object">RecurringServiceViewModelFormKey</argument>
</arguments>
</block>
</referenceContainer>
</body>
</page>
RecurringService/view/frontend/ui_component/service_schedule_form.xml
<?xml version="1.0"?>
<form xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Ui:etc/ui_configuration.xsd">
<argument name="data" xsi:type="array">
<item name="js_config" xsi:type="array">
<item name="provider" xsi:type="string">service_schedule_form.service_schedule_form_data_source</item>
</item>
<item name="template" xsi:type="string">templates/form/collapsible</item>
</argument>
<settings>
<buttons>
<button name="save" class="RecurringServiceBlockServiceScheduleFormSaveButton"/>
</buttons>
<namespace>service_schedule_form</namespace>
<dataScope>data</dataScope>
<deps>
<dep>service_schedule_form.service_schedule_form_data_source</dep>
</deps>
</settings>
<dataSource name="service_schedule_form_data_source">
<argument name="data" xsi:type="array">
<item name="js_config" xsi:type="array">
<item name="component" xsi:type="string">Magento_Ui/js/form/provider</item>
</item>
</argument>
<settings>
<submitUrl path="recurring/schedule/save"/>
</settings>
<dataProvider class="RecurringServiceModelRecurringProfileDataProvider"
name="service_schedule_form_data_source">
<settings>
<requestFieldName>profile_id</requestFieldName>
<primaryFieldName>entity_id</primaryFieldName>
</settings>
</dataProvider>
</dataSource>
<fieldset name="service_schedule" class="RecurringServiceUiComponentFormServiceSchedule">
<settings>
<label translate="true">Service Schedule</label>
</settings>
</fieldset>
</form>
RecurringService/Block/ServiceSchedule/Form/SaveButton.php
<?php declare(strict_types=1);
namespace RecurringServiceBlockServiceScheduleForm;
use MagentoFrameworkViewElementUiComponentControlButtonProviderInterface;
/**
* Class SaveButton
*/
class SaveButton implements ButtonProviderInterface
{
/**
* Gets button data
*
* @return mixed[]
*/
public function getButtonData()
{
return [
'label' => __('Update Service Schedule'),
'class' => 'save primary',
'data_attribute' => [
'mage-init' => [
'buttonAdapter' => [
'actions' => [
[
'targetName' => 'service_schedule_form.service_schedule_form',
'actionName' => 'save'
]
]
]
]
]
];
}
}
UPDATE:
These are the CSP Errors:
- The Content Security Policy ‘font-src [redacted, long list] widgets.magentocommerce.com data: ‘self’ ‘unsafe-inline’ ‘unsafe-eval’; style-src *.adobe.com *.sharethis.com *.fontawesome.com https://fonts.bunny.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com ‘self’ ‘unsafe-inline’; object-src ‘self’ ‘unsafe-inline’; media-src *.adobe.com ‘self’ ‘unsafe-inline’; manifest-src ‘self’ ‘unsafe-inline’; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com … api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com ‘self’ ‘unsafe-inline’; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: ‘self’ ‘unsafe-inline’; default-src ‘self’ ‘unsafe-inline’ ‘unsafe-eval’; base-uri ‘self’ ‘unsafe-inline’;’ was delivered in report-only mode, but does not specify a ‘report-to’; the policy will have no effect. Please either add a ‘report-to’ directive, or deliver the policy via the ‘Content-Security-Policy’ header.
- The Content Security Policy directive ‘frame-ancestors’ is ignored when delivered in a report-only policy.
- [Report Only] Refused to load https://www.facebook.com/tr/?id=1108448779947011&ev=PageView&dl=url%2Frecurring%2Fschedule%2F&rl=&if=false&ts=1733697848946&sw=2056&sh=1329&v=2.9.178&r=stable&ec=0&o=4126&fbp=fb.1.1733619822890.74188647264903833&ler=empty&it=1733697848938&coo=false&rqm=GET because it does not appear in the img-src directive of the Content Security Policy.
- [Report Only] Refused to connect to https://pixel-config.reddit.com/pixels/a2_ep3ihjob5ner/config because it does not appear in the connect-src directive of the Content Security Policy.