sascha
/
Notes
mirror of https://github.com/TriliumNext/Notes
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

refactor: call logout route via JS 

required for csrf-csrf to correctly protect against
CSRF, as it required the _csrf cookie AND the
x-csrf-token HTTP header, the latter cannot be set
via simple Form POST action

using "../login" here, because "server" method is automatically prepending all paths with "/api",
which we don't want here, as we want "/login"
pull/864/head
Panagiotis Papadopoulos 2025-01-12 11:43:41 +07:00
parent c36085e580
commit 59ecc614c2
1 changed files with 3 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/public/app/components/entrypoints.ts
Unescape Escape View File

@ -114,11 +114,9 @@ export default class Entrypoints extends Component {
utils.reloadFrontendApp();
}
logoutCommand() {
const $logoutForm = $('<form action="logout" method="POST">').append($(`<input type='_hidden' name="_csrf" value="${glob.csrfToken}"/>`));
$("body").append($logoutForm);
$logoutForm.trigger("submit");
async logoutCommand() {
await server.post("../logout");
window.location.replace(`/login`);
}
backInNoteHistoryCommand() {