Logout: Use a POST form as it's a stateful action
parent
fd60839116
commit
bf4ccb0eab
2 changed files with 11 additions and 1 deletions
4
index.pl
4
index.pl
|
@ -1176,6 +1176,10 @@ get '/export.json' => sub {
|
|||
|
||||
post '/logout' => sub {
|
||||
my ($self) = @_;
|
||||
if ( $self->validation->csrf_protect->has_error('csrf_token') ) {
|
||||
$self->render( 'login', invalid => 'csrf' );
|
||||
return;
|
||||
}
|
||||
$self->logout;
|
||||
$self->redirect_to('/login');
|
||||
};
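Review bot: The CSRF failure branch, `$self->render( 'login', invalid => 'csrf' );`, answers a rejected logout with the default 200 status, so a refused request looks like an ordinary page load to clients and in access logs. Passing a status makes the rejection explicit: `$self->render( 'login', invalid => 'csrf', status => 403 );`. The hunk does not show whether any other route in index.pl still accepts GET for `/logout`; if one remains, it skips this token check and should be removed. A one-line comment above the check, such as `# logout changes session state, so require a valid CSRF token`, would record why the route is POST-only.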
|
||||
|
|
|
@ -7,7 +7,13 @@
|
|||
<p>
|
||||
Du bist bereits angemeldet. Falls du mehrere Accounts hast
|
||||
und auf einen anderen wechseln möchtest, musst du dich
|
||||
vorher <a href="/logout">abmelden</a>.
|
||||
vorher
|
||||
%= form_for 'logout' => begin
|
||||
%= csrf_field
|
||||
<button class="btn waves-effect waves-light" type="submit" name="action" value="logout">
|
||||
Abmelden
|
||||
</button>
|
||||
%= end
|
||||
</p>
|
||||
</div>
|
||||
</div>
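Review bot: The form opened by `%= form_for 'logout' => begin` does not state its method, so it is submitted as POST only as long as `form_for` can infer that from the route. Writing it out, `%= form_for 'logout' => (method => 'POST') => begin`, keeps the CSRF token out of the URL even if the route definitions change later. The form also sits inside the surrounding `<p>`, where a `<form>` element is not permitted, so browsers close the paragraph before it and the sentence ending in "vorher" is separated from its button; moving the form after `</p>` or rewording the sentence avoids that. The `name="action" value="logout"` pair on the button is not read by the `/logout` handler shown in this commit and could be dropped.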
|
||||
|
|