Change /logout from GET to POST (#515)

calzoneman 2015-10-26 23:21:09 -07:00
parent 50ca141f1d
commit 26e8660af4
3 changed files with 16 additions and 4 deletions


@ -127,7 +127,7 @@ function handleLogout(req, res) {
res.clearCookie("auth");
req.user = res.user = null;
// Try to find an appropriate redirect
var dest = req.query.dest || req.header("referer");
var dest = req.params.dest || req.header("referer");
dest = dest && dest.match(/login|logout|account/) ? null : dest;
var host = req.hostname;
@ -234,7 +234,7 @@ module.exports = {
init: function (app) {
app.get("/login", handleLoginPage);
app.post("/login", handleLogin);
app.get("/logout", handleLogout);
app.post("/logout", handleLogout);
app.get("/register", handleRegisterPage);
app.post("/register", handleRegister);
}
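Review bot: In handleLogout the new lookup `req.params.dest` reads Express route parameters, but the route registered in the second hunk is the literal path `"/logout"` with no `:dest` segment, so the value is always undefined and the handler silently falls back to the Referer header. The logout form changed in this commit sends `dest` as a hidden POST field, so the line should probably read `var dest = req.body.dest || req.header("referer");`, assuming a urlencoded body parser is mounted ahead of this route (not visible here). Because `dest` is then client-supplied, the check that begins at `var host = req.hostname;` is what keeps the post-logout redirect on-site; that code continues outside the hunk and should be confirmed to reject destinations on other hosts. It is also worth confirming that the CSRF middleware validates `_csrf` from the body on this POST route, since the token no longer travels in the query string.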


@ -67,8 +67,10 @@ mixin navloginform(redirect)
mixin navlogoutform(redirect)
p#logoutform.navbar-text.pull-right
form#logoutform.navbar-text.pull-right(action="/logout", method="post")
input(type="hidden", name="dest", value=baseUrl + redirect)
input(type="hidden", name="_csrf", value=csrfToken)
span#welcome Welcome, #{loginName}
span  · 
a#logout.navbar-link(href="/logout?dest=#{encodeURIComponent(baseUrl + redirect)}&_csrf=#{csrfToken}") Logout
input#logout.navbar-link(type="submit", value="Logout")


@ -639,3 +639,13 @@ li.vjs-menu-item.vjs-selected {
.video-js video::-webkit-media-text-track-container {
bottom: 50px;
}
input#logout[type="submit"] {
background: none;
border: none;
padding: 0;
}
input#logout[type="submit"]:hover {
text-decoration: underline;
}