Auth logout not working with defaultCsrfMiddleware #1151
Comments
haekhaek
changed the title
|
@gregwebs any objection to removing the csrf middleware from the scaffolding? I don't know anything about it, but this is the second bug I've seen new users report. |
snoyberg
added a commit
to yesodweb/yesod-scaffold
that referenced
this issue
Jan 24, 2016
snoyberg
added a commit
that referenced
this issue
Jan 24, 2016
|
I've just released version 1.4.19 of yesod-core which should fix this problem. I've also sent a PR to remove defaultCsrfMiddleware from the scaffold. Thanks for the report! |
gregwebs
added a commit
to yesodweb/yesod-scaffold
that referenced
this issue
Jan 24, 2016
Don't enable defaultCsrfMiddleware by default yesodweb/yesod#1151
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I tried out the authentication example from yesodweb, but if I add the "defaultCsrfMiddleware" to my "yesodMiddleware" the logout mechanism with the auth plugin does not work and I get the "Permission denied" error. But the XSRF-TOKEN is send with the cookie and it's the same token as in the session, so the logout should work.
I got the logout working with either:
I think it would fix this error, if we add here an invisible input with the token like it's done by the runFormPost.
But I'm not sure if that's all.
The text was updated successfully, but these errors were encountered: