Okay, two issues:
-
When you call
reset()
on the form element, the CSRF token (the value of thecsrf_token
field) is probably cleared, too. But this token is required, else the POST request will be rejected (i.e.302
redirected with an error message). -
Even if the token is not reset (any more) it will get invalid after the first request. IIRC in Kirby 2.4.1 a CSRF token is only valid for a single request. This was changed in 2.5.2 where the token is valid for an entire session. The easiest fix would be to update to the newest Kirby version. Is that possible?