security: cross-site request forgery

HDInnovations · Sep 23, 2021 · 5b978cc · 5b978cc
1 parent 5dc5263
commit 5b978cc
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 4 deletions.
diff --git a/resources/views/partials/top_nav.blade.php b/resources/views/partials/top_nav.blade.php
@@ -142,9 +142,14 @@ class="img-circle">
                         </a>
                     </li>
                     <li>
-                        <a href="{{ route('logout') }}">
-                            <i class="{{ config('other.font-awesome') }} fa-sign-out"></i> @lang('auth.logout')
-                        </a>
+                        <form role="form" method="POST" action="{{ route('logout') }}" style="background-color: #272634; clear: both; display: block; font-family: lato,sans-serif; font-weight: 400; line-height: 1.42857; padding: 6px 10px; white-space: nowrap; ">
+                            @csrf
+                            <div class="text-center">
+                                <button type="submit" class="btn btn-xs btn-danger">
+                                    <i class='{{ config('other.font-awesome') }} fa-sign-out'></i> @lang('auth.logout')
+                                </button>
+                            </div>
+                        </form>
                     </li>
                 </ul>
             </li>

diff --git a/routes/web.php b/routes/web.php
@@ -85,7 +85,7 @@
     Route::group(['middleware' => ['auth', 'twostep', 'banned']], function () {
 
         // General
-        Route::get('/logout', [App\Http\Controllers\Auth\LoginController::class, 'logout'])->name('logout');
+        Route::post('/logout', [App\Http\Controllers\Auth\LoginController::class, 'logout'])->name('logout');
         Route::get('/', [App\Http\Controllers\HomeController::class, 'index'])->name('home.index');
 
         // Achievements System