Merge pull request #2765 from paulkaplan/form-submit-logout

Use a dummy form submission instead of logging out via xhr.
2025-02-17 00:21:20 -05:00 · 2019-02-11 15:33:36 -05:00 · 2019-02-11 15:33:36 -05:00 · 9f2ca84283
commit 9f2ca84283
parent 4b38da1917 49afbd2c70
1 changed files with 16 additions and 11 deletions
--- a/src/redux/navigation.js
+++ b/src/redux/navigation.js
@ -2,6 +2,7 @@ const keyMirror = require('keymirror');
 const defaults = require('lodash.defaults');

 const api = require('../lib/api');
+const jar = require('../lib/jar');
 const log = require('../lib/log.js');
 const sessionActions = require('./session.js');

@ -138,16 +139,20 @@ module.exports.handleLogIn = (formData, callback) => (dispatch => {
    });
 });

-module.exports.handleLogOut = () => (dispatch => {
-    api({
-        host: '',
-        method: 'post',
-        uri: '/accounts/logout/',
-        useCsrf: true
-    }, err => {
-        if (err) log.error(err);
-        dispatch(module.exports.setLoginOpen(false));
-        dispatch(module.exports.setAccountNavOpen(false));
-        window.location = '/';
+module.exports.handleLogOut = () => (() => {
+    // POST to /accounts/logout using a dummy form instead of XHR. This ensures
+    // logout only happens AFTER onbeforeunload has the chance to prevent nagivation.
+    jar.use('scratchcsrftoken', '/csrf_token/', (err, csrftoken) => {
+        if (err) return log.error('Error while retrieving CSRF token', err);
+        const form = document.createElement('form');
+        form.setAttribute('method', 'POST');
+        form.setAttribute('action', '/accounts/logout/');
+        const csrfField = document.createElement('input');
+        csrfField.setAttribute('type', 'hidden');
+        csrfField.setAttribute('name', 'csrfmiddlewaretoken');
+        csrfField.setAttribute('value', csrftoken);
+        form.appendChild(csrfField);
+        document.body.appendChild(form);
+        form.submit();
    });
 });