Fixed autofill for HTTPS.

Added dummy API endpoint for autofill POST requests.

Autofill also reads the CSRF token from cookies and doesn't require an 'about:blank' anymore on the forms.

res/app/components/stf/common-ui/enable-autofill/enable-autofill-directive.js

@@ -1,4 +1,4 @@
-module.exports = function enableAutofillDirective($rootElement) {
+module.exports = function enableAutofillDirective($rootElement, $cookies) {
   return {
     restrict: 'A',
     compile: function compile(tElement, tAttrs) {
@@ -24,11 +24,31 @@ module.exports = function enableAutofillDirective($rootElement) {
         tElement.attr('target', '_autofill')
       }
 
-      // Add attribute action to the current form
-      // NOTE: This doesn't work so it has to be added manually
-      // if (!tAttrs.action) {
-      //   tElement.attr('action', 'about:blank')
-      // }
+      // Add action attribute if not present
+      if (!tAttrs.action) {
+
+        // Use a dummy url because 'about:blank' trick doesn't work with HTTPS
+        // Also 'javascript: void(0)' doesn't work neither
+        var dummyUrl = '/app/api/v1/dummy'
+
+        // Adds the CSRF token to the url from cookies if present
+        var xsrfToken = $cookies['XSRF-TOKEN']
+        if (xsrfToken) {
+          // Note: At least for Express CSURF, it only works with url-set tokens
+          // it doesn't happen to work with hidden form input elements
+          dummyUrl += '?_csrf=' + xsrfToken
+        }
+
+        tElement.attr('action', dummyUrl)
+      }
+
+      return {
+        pre: function (scope, element, attrs) {
+          // Angular needs this so the form action doesn't get removed
+          // Also, trying to set a url at this time doesn't work neither
+          attrs.action = ''
+        }
+      }
     }
   }
 }