Change /logout from GET to POST (#515)

calzoneman 2015-10-26 23:21:09 -07:00
parent 50ca141f1d
commit 26e8660af4
3 changed files with 16 additions and 4 deletions


@ -127,7 +127,7 @@ function handleLogout(req, res) {
res.clearCookie("auth"); res.clearCookie("auth");
req.user = res.user = null; req.user = res.user = null;
// Try to find an appropriate redirect // Try to find an appropriate redirect
var dest = req.query.dest || req.header("referer"); var dest = req.params.dest || req.header("referer");
dest = dest && dest.match(/login|logout|account/) ? null : dest; dest = dest && dest.match(/login|logout|account/) ? null : dest;
var host = req.hostname; var host = req.hostname;
@ -234,7 +234,7 @@ module.exports = {
init: function (app) { init: function (app) {
app.get("/login", handleLoginPage); app.get("/login", handleLoginPage);
app.post("/login", handleLogin); app.post("/login", handleLogin);
app.get("/logout", handleLogout); app.post("/logout", handleLogout);
app.get("/register", handleRegisterPage); app.get("/register", handleRegisterPage);
app.post("/register", handleRegister); app.post("/register", handleRegister);
} }
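Review bot: `req.params.dest` on the new side of handleLogout will not pick up the `dest` field that the logout form now posts. In Express, `req.params` holds named route segments, and the route registered in the second hunk is the plain path `/logout`, so this lookup is presumably always undefined and the redirect silently falls back to the Referer header. Reading the posted field would be `var dest = req.body.dest || req.header("referer");`, assuming a body parser is mounted for this route as the existing POST /login handler suggests. Because `dest` is client-supplied either way, the host check that begins at `var host = req.hostname;` and continues outside the hunk has to remain the gate on where the redirect may go.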


@ -67,8 +67,10 @@ mixin navloginform(redirect)
mixin navlogoutform(redirect) mixin navlogoutform(redirect)
p#logoutform.navbar-text.pull-right form#logoutform.navbar-text.pull-right(action="/logout", method="post")
input(type="hidden", name="dest", value=baseUrl + redirect)
input(type="hidden", name="_csrf", value=csrfToken)
span#welcome Welcome, #{loginName} span#welcome Welcome, #{loginName}
span  ·  span  · 
a#logout.navbar-link(href="/logout?dest=#{encodeURIComponent(baseUrl + redirect)}&_csrf=#{csrfToken}") Logout input#logout.navbar-link(type="submit", value="Logout")
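Review bot: The hidden `_csrf` input in navlogoutform only protects logout if the server rejects a POST /logout whose token is missing or wrong, and none of the handler lines visible in this commit show that check. It is worth confirming that token verification reads `_csrf` from the request body for this route, either in middleware or in the part of handleLogout above its hunk. A one-line template comment such as `//- _csrf must be verified server-side on POST /logout` would record that contract next to the form.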


@ -639,3 +639,13 @@ li.vjs-menu-item.vjs-selected {
.video-js video::-webkit-media-text-track-container { .video-js video::-webkit-media-text-track-container {
bottom: 50px; bottom: 50px;
} }
input#logout[type="submit"] {
background: none;
border: none;
padding: 0;
}
input#logout[type="submit"]:hover {
text-decoration: underline;
}