-
Notifications
You must be signed in to change notification settings - Fork 368
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Auth logout not working with defaultCsrfMiddleware #1151
Comments
haekhaek
changed the title
Auth logout with defaultCsrfMiddleware not working
Auth logout not working with defaultCsrfMiddleware
Jan 21, 2016
@gregwebs any objection to removing the csrf middleware from the scaffolding? I don't know anything about it, but this is the second bug I've seen new users report. |
snoyberg
added a commit
to yesodweb/yesod-scaffold
that referenced
this issue
Jan 24, 2016
snoyberg
added a commit
that referenced
this issue
Jan 24, 2016
I've just released version 1.4.19 of yesod-core which should fix this problem. I've also sent a PR to remove defaultCsrfMiddleware from the scaffold. Thanks for the report! |
gregwebs
added a commit
to yesodweb/yesod-scaffold
that referenced
this issue
Jan 24, 2016
Don't enable defaultCsrfMiddleware by default yesodweb/yesod#1151
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I tried out the authentication example from yesodweb, but if I add the "defaultCsrfMiddleware" to my "yesodMiddleware" the logout mechanism with the auth plugin does not work and I get the "Permission denied" error. But the XSRF-TOKEN is send with the cookie and it's the same token as in the session, so the logout should work.
I got the logout working with either:
I think it would fix this error, if we add here an invisible input with the token like it's done by the runFormPost.
But I'm not sure if that's all.
The text was updated successfully, but these errors were encountered: