Issue #15619 - Protect logout against CSRF #1963

Closed
wants to merge 1 commit into
from

Conversation

Projects
None yet
2 participants
Contributor

ziima commented Nov 22, 2013

  • Logout only performed on POST requests. GET requests returns
    confirmation page.
  • Logout link in administration replaced by logout form without change
    of appearance.

Based on patch from ashchristopher.

@ziima ziima Issue #15619 - Protect logout against CSRF
 * Logout only performed on POST requests. GET requests returns
   confirmation page.
 * Logout link in administration replaced by logout form without change
   of appearance.

Based on patch from ashchristopher.
5618f23
Contributor

Bouke commented Jan 16, 2014

Your code changes look good to me. However there's a layout issue with Safari on OSX:

screen shot 2014-01-16 at 22 02 12

If you could address this issue for all major browsers I'll mark your patch as RFC.

Contributor

ziima commented Jan 17, 2014

Sorry, I forgot to close this pull request. There is better one: #1934.

ziima closed this Jan 17, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment