Merge pull request #2214 from bookwyrm-social/logout-post

Use POST instead of GET for logout function
bookwyrm-social · Jul 10, 2022 · bead43a · bead43a
2 parents a7cc41c + 64bfe59
commit bead43a
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 5 deletions.
diff --git a/bookwyrm/settings.py b/bookwyrm/settings.py
@@ -11,7 +11,7 @@
 env = Env()
 env.read_env()
 DOMAIN = env("DOMAIN")
-VERSION = "0.4.2"
+VERSION = "0.4.3"
 
 RELEASE_API = env(
     "RELEASE_API",

diff --git a/bookwyrm/templates/user_menu.html b/bookwyrm/templates/user_menu.html
@@ -68,9 +68,15 @@
             <li class="navbar-divider" role="presentation" aria-hidden="true">&nbsp;</li>
 
             <li role="menuitem">
-                <a href="{% url 'logout' %}" class="navbar-item">
-                    {% trans 'Log out' %}
-                </a>
+                <form
+                    name="logout"
+                    method="POST"
+                    action="{% url 'logout' %}"
+                    class="navbar-item"
+                >
+                    {% csrf_token %}
+                    <button type="submit">{% trans 'Log out' %}</button>
+                </form>
             </li>
         </ul>
     </div>

diff --git a/bookwyrm/views/landing/login.py b/bookwyrm/views/landing/login.py
@@ -77,7 +77,7 @@ def post(self, request):
 class Logout(View):
     """log out"""
 
-    def get(self, request):
+    def post(self, request):
         """done with this place! outa here!"""
         logout(request)
         return redirect("/")