csrf_field should have autocomplete="off", on mobile devices I will get page expired error when it autocompletes my password

[maxheckel]

Laravel Version

10.4.1

PHP Version

8.2.0

Database Driver & Version

No response

Description

Should replace the csrf_token method with this:

if (! function_exists('csrf_field')) {
    /**
     * Generate a CSRF token form field.
     *
     * @return \Illuminate\Support\HtmlString
     */
    function csrf_field()
    {
        return new HtmlString('<input type="hidden" name="_token" autocomplete="off" value="'.csrf_token().'">');
    }
}

Steps To Reproduce

On mobile safari, log into a username/password form and have it store your password. Attempt to login again and use autocomplete, you will get a 419 page expired error.

[driesvints]

I don't think this is a Laravel bug sorry.

[elminson]

@driesvints I think you are right and is a bug on Safari mobile version.
But now we are not w3c Validator compliant
#49223