From 0e2217bd2d8833f0bff84767f676fc93c84d4b9a Mon Sep 17 00:00:00 2001
From: John Olheiser <john.olheiser@gmail.com>
Date: Mon, 2 Mar 2020 22:50:31 -0600
Subject: [PATCH] Logout POST action (#10582)

* Change logout to POST

* Update for redirect

Signed-off-by: jolheiser <john.olheiser@gmail.com>
---
 integrations/signout_test.go    | 2 +-
 routers/routes/routes.go        | 2 +-
 templates/base/head_navbar.tmpl | 2 +-
 web_src/js/index.js             | 3 +++
 4 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/integrations/signout_test.go b/integrations/signout_test.go
index 65957b244..c31c91307 100644
--- a/integrations/signout_test.go
+++ b/integrations/signout_test.go
@@ -14,7 +14,7 @@ func TestSignOut(t *testing.T) {
 
 	session := loginUser(t, "user2")
 
-	req := NewRequest(t, "GET", "/user/logout")
+	req := NewRequest(t, "POST", "/user/logout")
 	session.MakeRequest(t, req, http.StatusFound)
 
 	// try to view a private repo, should fail
diff --git a/routers/routes/routes.go b/routers/routes/routes.go
index a8a08c9ec..0b0b4e05a 100644
--- a/routers/routes/routes.go
+++ b/routers/routes/routes.go
@@ -413,7 +413,7 @@ func RegisterRoutes(m *macaron.Macaron) {
 		m.Post("/recover_account", user.ResetPasswdPost)
 		m.Get("/forgot_password", user.ForgotPasswd)
 		m.Post("/forgot_password", user.ForgotPasswdPost)
-		m.Get("/logout", user.SignOut)
+		m.Post("/logout", user.SignOut)
 	})
 	// ***** END: User *****
 
diff --git a/templates/base/head_navbar.tmpl b/templates/base/head_navbar.tmpl
index 51a021d0e..de02bca1f 100644
--- a/templates/base/head_navbar.tmpl
+++ b/templates/base/head_navbar.tmpl
@@ -115,7 +115,7 @@
 					{{end}}
 
 					<div class="divider"></div>
-					<a class="item" href="{{AppSubUrl}}/user/logout">
+					<a class="item link-action" href data-url="{{AppSubUrl}}/user/logout" data-redirect="{{AppSubUrl}}/">
 						{{svg "octicon-sign-out" 16}}
 						{{.i18n.Tr "sign_out"}}<!-- Sign Out -->
 					</a>
diff --git a/web_src/js/index.js b/web_src/js/index.js
index b2eec525d..570d39287 100644
--- a/web_src/js/index.js
+++ b/web_src/js/index.js
@@ -2741,11 +2741,14 @@ function showAddAllPopup() {
 
 function linkAction() {
   const $this = $(this);
+  const redirect = $this.data('redirect');
   $.post($this.data('url'), {
     _csrf: csrf
   }).done((data) => {
     if (data.redirect) {
       window.location.href = data.redirect;
+    } else if (redirect) {
+      window.location.href = redirect;
     } else {
       window.location.reload();
     }