Change /logout from GET to POST (#515)
This commit is contained in:
parent
50ca141f1d
commit
26e8660af4
|
@ -127,7 +127,7 @@ function handleLogout(req, res) {
|
|||
res.clearCookie("auth");
|
||||
req.user = res.user = null;
|
||||
// Try to find an appropriate redirect
|
||||
var dest = req.query.dest || req.header("referer");
|
||||
var dest = req.params.dest || req.header("referer");
|
||||
dest = dest && dest.match(/login|logout|account/) ? null : dest;
|
||||
|
||||
var host = req.hostname;
|
||||
|
@ -234,7 +234,7 @@ module.exports = {
|
|||
init: function (app) {
|
||||
app.get("/login", handleLoginPage);
|
||||
app.post("/login", handleLogin);
|
||||
app.get("/logout", handleLogout);
|
||||
app.post("/logout", handleLogout);
|
||||
app.get("/register", handleRegisterPage);
|
||||
app.post("/register", handleRegister);
|
||||
}
|
||||
|
|
|
@ -67,8 +67,10 @@ mixin navloginform(redirect)
|
|||
|
||||
|
||||
mixin navlogoutform(redirect)
|
||||
p#logoutform.navbar-text.pull-right
|
||||
form#logoutform.navbar-text.pull-right(action="/logout", method="post")
|
||||
input(type="hidden", name="dest", value=baseUrl + redirect)
|
||||
input(type="hidden", name="_csrf", value=csrfToken)
|
||||
span#welcome Welcome, #{loginName}
|
||||
span ·
|
||||
a#logout.navbar-link(href="/logout?dest=#{encodeURIComponent(baseUrl + redirect)}&_csrf=#{csrfToken}") Logout
|
||||
input#logout.navbar-link(type="submit", value="Logout")
|
||||
|
||||
|
|
|
@ -639,3 +639,13 @@ li.vjs-menu-item.vjs-selected {
|
|||
.video-js video::-webkit-media-text-track-container {
|
||||
bottom: 50px;
|
||||
}
|
||||
|
||||
input#logout[type="submit"] {
|
||||
background: none;
|
||||
border: none;
|
||||
padding: 0;
|
||||
}
|
||||
|
||||
input#logout[type="submit"]:hover {
|
||||
text-decoration: underline;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue