Logout: Use a POST form as it's a stateful action
parent
fd60839116
commit
bf4ccb0eab
2 changed files with 11 additions and 1 deletions
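--- a/index.pl
+++ b/index.pl
@@ -1176,6 +1176,10 @@ get '/export.json' => sub {
 
 post '/logout' => sub {
 my ($self) = @_;
+if ( $self->validation->csrf_protect->has_error('csrf_token') ) {
+$self->render( 'login', invalid => 'csrf' );
+return;
+}
 $self->logout;
 $self->redirect_to('/login');
 };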
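Review bot: The CSRF-failure branch added to the `post '/logout'` handler renders the `login` template with the default 200 status, so a rejected request looks like a normal page load to clients, proxies and log-based monitoring. I would return an explicit error status, e.g. `$self->render( 'login', invalid => 'csrf', status => 403 );`, and log the rejection so repeated failures become visible. A one-line comment above the check, such as `# Logout changes session state: reject requests without a valid CSRF token`, would record why the guard exists. Whether the `login` template shows the `invalid => 'csrf'` message in its already-logged-in branch is not visible in this commit and is worth confirming.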
@ -7,7 +7,13 @@
|
||||||
<p>
|
<p>
|
||||||
Du bist bereits angemeldet. Falls du mehrere Accounts hast
|
Du bist bereits angemeldet. Falls du mehrere Accounts hast
|
||||||
und auf einen anderen wechseln möchtest, musst du dich
|
und auf einen anderen wechseln möchtest, musst du dich
|
||||||
vorher <a href="/logout">abmelden</a>.
|
vorher
|
||||||
|
%= form_for 'logout' => begin
|
||||||
|
%= csrf_field
|
||||||
|
<button class="btn waves-effect waves-light" type="submit" name="action" value="logout">
|
||||||
|
Abmelden
|
||||||
|
</button>
|
||||||
|
%= end
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
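Review bot: `form_for` emits a `<form>` element, and here it is placed inside the `<p>` that carries the sentence; a form is not permitted inside a paragraph, so browsers close the `<p>` before the form and the trailing `</p>` becomes a stray tag. Moving the `%= form_for 'logout' => begin` … `%= end` block after the `</p>`, or changing the wrapper to a `<div>`, keeps the markup valid. The button's `name="action" value="logout"` is not read by the handler in index.pl as shown in this commit, so it can probably be dropped. Any other plain links to `/logout` elsewhere in the templates would need the same form-plus-`csrf_field` treatment; none are visible in this hunk.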