diff options
| author | Daniel Friesel <derf@finalrewind.org> | 2019-03-08 16:54:54 +0100 |
|---|---|---|
| committer | Daniel Friesel <derf@finalrewind.org> | 2019-03-08 16:54:54 +0100 |
| commit | bf4ccb0eabe0f4258bc174a83dfba318d0212af1 (patch) | |
| tree | 1e655374478df55eea4a1a21c6af4a2e69331ec7 /index.pl | |
| parent | fd608391164ddc9e55e2f383620d395b43ae99b7 (diff) | |
Logout: Use a POST form as it's a stateful action
Diffstat (limited to 'index.pl')
| -rwxr-xr-x | index.pl | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -1176,6 +1176,10 @@ get '/export.json' => sub { post '/logout' => sub { my ($self) = @_; + if ( $self->validation->csrf_protect->has_error('csrf_token') ) { + $self->render( 'login', invalid => 'csrf' ); + return; + } $self->logout; $self->redirect_to('/login'); }; |