Skip to content
Snippets Groups Projects
Commit bf4ccb0e authored by Birte Kristina Friesel's avatar Birte Kristina Friesel
Browse files

Logout: Use a POST form as it's a stateful action

parent fd608391
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
index.pl
+ 4
0
View file @ bf4ccb0e
...@@ -1176,6 +1176,10 @@ get '/export.json' => sub { ...@@ -1176,6 +1176,10 @@ get '/export.json' => sub {
post '/logout' => sub { post '/logout' => sub {
my ($self) = @_; my ($self) = @_;
if ( $self->validation->csrf_protect->has_error('csrf_token') ) {
$self->render( 'login', invalid => 'csrf' );
return;
}
$self->logout; $self->logout;
$self->redirect_to('/login'); $self->redirect_to('/login');
}; };
......
templates/login.html.ep
+ 7
1
View file @ bf4ccb0e
...@@ -7,7 +7,13 @@ ...@@ -7,7 +7,13 @@
<p> <p>
Du bist bereits angemeldet. Falls du mehrere Accounts hast Du bist bereits angemeldet. Falls du mehrere Accounts hast
und auf einen anderen wechseln möchtest, musst du dich und auf einen anderen wechseln möchtest, musst du dich
vorher <a href="/logout">abmelden</a>. vorher
%= form_for 'logout' => begin
%= csrf_field
<button class="btn waves-effect waves-light" type="submit" name="action" value="logout">
Abmelden
</button>
%= end
</p> </p>
</div> </div>
</div> </div>
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment