From bf4ccb0eabe0f4258bc174a83dfba318d0212af1 Mon Sep 17 00:00:00 2001
From: Daniel Friesel
Date: Fri, 8 Mar 2019 16:54:54 +0100
Subject: Logout: Use a POST form as it's a stateful action
---
index.pl | 4 ++++
1 file changed, 4 insertions(+)
(limited to 'index.pl')
diff --git a/index.pl b/index.pl
index 69d1079..6331d45 100755
--- a/index.pl
+++ b/index.pl
@@ -1176,6 +1176,10 @@ get '/export.json' => sub {
 post '/logout' => sub {
 my ($self) = @_;
+ if ( $self->validation->csrf_protect->has_error('csrf_token') ) {
+ $self->render( 'login', invalid => 'csrf' );
+ return;
+ }
 $self->logout;
 $self->redirect_to('/login');
 };
-- 
cgit v1.2.3
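Review bot: The rejection branch in the `post '/logout'` handler answers a failed CSRF check by rendering the `login` template with the default 200 status while the session is left intact, so a rejected cross-site request looks like an ordinary page view in access logs and a still-authenticated user is shown a login form. Consider `$self->render( 'login', invalid => 'csrf', status => 403 );` so the rejection is visible to monitoring, and add a short comment above the check such as `# logout changes session state: require a valid CSRF token`. The form that has to carry `csrf_token` is not part of this hunk, so it is worth confirming that every logout form emits the token; otherwise legitimate logouts will land in this branch.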