forms hidden field CSRF token is not updated when turbolinks is enabled

I’m unsure in which project to open a bug, so I want to ask first.

rails 5.1.1, turbolinks 5.0.1, turbolinks-source 5.0.3

Reproduction steps:

Visit a page with a form with authenticity token field inside
Navigate with turbolinks links or click browser Back and Forward buttons
Check the form with authenticity token field value


Its value should be the same of head meta name=“csrf-token” value


Its value differs from head meta name=“csrf-token” value

Temporary fix:

Load this javascript (coffeescript syntax):

$(document).on ‘turbolinks:load’, ->
$(‘input[name=authenticity_token]’).val Rails.csrfToken()

The question is: where should I open it as a bug?