mirrors/nadeko_invidious
1
0
Fork 0
mirror of https://git.nadeko.net/Fijxu/invidious.git synced 2025-12-19 19:38:51 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Add CSRF prevention for /signout

Browse Source
This commit is contained in:
Omar Roth
2018-11-08 17:42:25 -06:00
parent 28f564ee4c
commit 8e6bee75e7
3 changed files with 25 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/invidious/views/template.ecr
View File

@@ -67,7 +67,7 @@
</a>
</div>
<div class="pure-u-1-4">
<a href="/signout?referer=<%= env.get?("current_page") %>" class="pure-menu-heading">Sign out</a>
<a href="/signout?referer=<%= env.get?("current_page") %>&token=<%= env.get?("token") %>&challenge=<%= env.get?("challenge") %>" class="pure-menu-heading">Sign out</a>
</div>
<% else %>
<a href="/login?referer=<%= env.get?("current_page") %>" class="pure-menu-heading">Login</a>