Add _token parameter to redirectToPost #1151

yesodweb · Jan 24, 2016 · cf5a390 · cf5a390
1 parent be9d0a2
commit cf5a390
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 1 deletion.
diff --git a/yesod-core/ChangeLog.md b/yesod-core/ChangeLog.md
@@ -1,3 +1,7 @@
+## 1.4.19
+
+* Auth logout not working with defaultCsrfMiddleware [#1151](https://github.com/yesodweb/yesod/issues/1151)
+
 ## 1.4.18.2
 
 * Allow subsites within hierarchical routes [#1144](https://github.com/yesodweb/yesod/pull/1144)

diff --git a/yesod-core/Yesod/Core/Handler.hs b/yesod-core/Yesod/Core/Handler.hs
@@ -890,6 +890,7 @@ redirectToPost :: (MonadHandler m, RedirectUrl (HandlerSite m) url)
                -> m a
 redirectToPost url = do
     urlText <- toTextUrl url
+    req <- getRequest
     withUrlRenderer [hamlet|
 $newline never
 $doctype 5
@@ -899,6 +900,8 @@ $doctype 5
         <title>Redirecting...
     <body onload="document.getElementById('form').submit()">
         <form id="form" method="post" action=#{urlText}>
+            $maybe token <- reqToken req
+                <input type=hidden name=#{defaultCsrfParamName} value=#{token}>
             <noscript>
                 <p>Javascript has been disabled; please click on the button below to be redirected.
             <input type="submit" value="Continue">

diff --git a/yesod-core/yesod-core.cabal b/yesod-core/yesod-core.cabal
@@ -1,5 +1,5 @@
 name:            yesod-core
-version:         1.4.18.2
+version:         1.4.19
 license:         MIT
 license-file:    LICENSE
 author:          Michael Snoyman <michael@snoyman.com>