grails/grails-gsp

FormTagLib.form passes wrong method to RequestDataValueProcessor


Steps to Reproduce

  1. Create a Grails web application and add Spring Security Web as a dependency
  2. Configure CSRF protection in resources.groovy:

         requestDataValueProcessor(org.springframework.security.web.servlet.support.csrf.CsrfRequestDataValueProcessor)
         csrfFilter(org.springframework.security.web.csrf.CsrfFilter, new org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository())

  3. Create a GSP file containing a g:form element

Expected Behaviour

I expect that the CSRF token is added to the form.

Actual Behaviour

It isn't added.

Environment Information

  • Operating System: Linux
  • Grails Version: 2.5.1 (the relevant code did not change since then however)
  • JDK Version: 8
  • Container Version (If Applicable): 2.5


I think the problem is

    link = requestDataValueProcessor.processAction(request, link, request.method)

Here the method of the form should be passed, not the method used to request the page containing the form.
See also the documentation for the RequestDataValueProcessor interface.
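
The effect described in this report, as an added example that is not part of the original issue or the Grails code base: a simplified, dependency-free model of how a CSRF `RequestDataValueProcessor` decides whether to emit the hidden token field. `ModelCsrfProcessor`, `renderForm`, the map-based request and the token value are hypothetical stand-ins; the safe-method rule is assumed to mirror Spring Security's `CsrfRequestDataValueProcessor`.

```groovy
import java.util.regex.Pattern

// Simplified stand-in (assumption) for Spring Security's CsrfRequestDataValueProcessor:
// a safe HTTP method passed to processAction suppresses the hidden token field.
class ModelCsrfProcessor {
    static final Pattern SAFE = Pattern.compile('(?i)^(GET|HEAD|TRACE|OPTIONS)$')
    static final String DISABLE_ATTR = 'DISABLE_CSRF_TOKEN_ATTR'

    // 'method' is meant to be the HTTP method of the form being rendered.
    String processAction(Map request, String action, String method) {
        if (method != null && SAFE.matcher(method).matches()) {
            request[DISABLE_ATTR] = true
        } else {
            request.remove(DISABLE_ATTR)
        }
        action
    }

    Map<String, String> getExtraHiddenFields(Map request) {
        // The flag is consumed once, so it only affects the form just processed.
        if (request.remove(DISABLE_ATTR)) {
            return [:]
        }
        ['_csrf': request.csrfToken as String]
    }
}

// Hypothetical form renderer: process the action, then append the hidden fields.
String renderForm(Map request, String action, String formMethod, String methodPassed) {
    def processor = new ModelCsrfProcessor()
    def link = processor.processAction(request, action, methodPassed)
    def hidden = processor.getExtraHiddenFields(request).collect { name, value ->
        "<input type=\"hidden\" name=\"${name}\" value=\"${value}\" />"
    }.join('')
    "<form action=\"${link}\" method=\"${formMethod}\">${hidden}</form>"
}

// Constructed request: the page that contains the form is fetched with GET.
def request = [method: 'GET', csrfToken: 'constructed-token-value']

// Reported behaviour: the page's request method is passed, so the token is dropped.
def reported = renderForm(request, '/book/save', 'post', request.method)
// Proposed behaviour: the form's own method is passed, so the token is emitted.
def proposed = renderForm(request, '/book/save', 'post', 'post')

assert !reported.contains('_csrf')
assert proposed.contains('_csrf')
println reported
println proposed
```

A POST form rendered without the token is rejected by the CSRF filter on submit, so the failure mode here is a broken form rather than a bypass; a regression test can assert that the rendered markup of every non-GET `g:form` contains the token field.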