This is an automated email from the ASF dual-hosted git repository.
sbp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/main by this push:
new a62f505c Logout is a POST (#876)
a62f505c is described below
commit a62f505ce1e1f2da10b7ebfea3e8473e90569b36
Author: Dave Fisher <[email protected]>
AuthorDate: Mon Mar 16 13:07:34 2026 -0700
Logout is a POST (#876)
* Logout is a POST
* OF - missed precheck
* Remove CSRF token time limits
---
atr/config.py | 3 +++
atr/server.py | 2 ++
atr/static/css/atr.css | 9 ---------
atr/templates/includes/topnav.html | 5 ++++-
4 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/atr/config.py b/atr/config.py
index 63a70ef8..fe7dc98c 100644
--- a/atr/config.py
+++ b/atr/config.py
@@ -125,6 +125,9 @@ class AppConfig:
SESSION_COOKIE_SAMESITE = "Strict"
SESSION_COOKIE_NAME = "__Host-session"
+ # CSRF time limit
+ WTF_CSRF_TIME_LIMIT = None
+
ADMIN_USERS_ADDITIONAL = decouple.config("ADMIN_USERS_ADDITIONAL",
default="", cast=str)
TOOLING_USERS_ADDITIONAL = decouple.config("TOOLING_USERS_ADDITIONAL",
default="", cast=str)
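Review bot: The comment `# CSRF time limit` over `WTF_CSRF_TIME_LIMIT = None` names the setting without saying what `None` does or why the limit is being dropped, which is the one thing a reader of this security-relevant line needs. If this is Flask-WTF's setting, `None` means a CSRF token never expires on its own and stays valid for as long as the session it is bound to, whereas the default expires it after an hour; that is a deliberate trade and the commit message ("Remove CSRF token time limits") gives the what but not the why. Replace the comment with something like `# CSRF tokens do not expire on their own; they stay valid for the life of the session cookie so long-open forms do not fail on submit (#876)`. The motive in that wording is inferred and should be confirmed before it is committed as fact.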
diff --git a/atr/server.py b/atr/server.py
index c791d22e..77d2907b 100644
--- a/atr/server.py
+++ b/atr/server.py
@@ -53,6 +53,7 @@ import atr.config as config
import atr.db as db
import atr.db.interaction as interaction
import atr.filters as filters
+import atr.form as form
import atr.jwtoken as jwtoken
import atr.log as log
import atr.manager as manager
@@ -261,6 +262,7 @@ def _app_setup_context(app: base.QuartApp) -> None:
"admin": admin,
"as_url": util.as_url,
"commit": metadata.commit,
+ "csrf_input_fn": lambda: form.csrf_input(),
"current_user": current_user,
"get": get,
"is_admin_fn": user.is_admin,
diff --git a/atr/static/css/atr.css b/atr/static/css/atr.css
index f5a27faa..1d3313d9 100644
--- a/atr/static/css/atr.css
+++ b/atr/static/css/atr.css
@@ -221,19 +221,10 @@ button, input, option, select, textarea {
font-weight: 425;
}
-
nav.navbar {
padding: 0 0 0.25rem 2rem;
}
-nav.navbar button, nav.navbar a.navbar-brand {
- color: #000000 !important;
-}
-
-/* nav.navbar button.navbar-toggler {
- background-color: #000000 !important;
-} */
-
label[for] {
font-weight: 450;
diff --git a/atr/templates/includes/topnav.html
b/atr/templates/includes/topnav.html
index 87d06f90..4a694d56 100644
--- a/atr/templates/includes/topnav.html
+++ b/atr/templates/includes/topnav.html
@@ -376,7 +376,10 @@
<ul class="navbar-nav align-items-lg-center">
<li class="nav-item">
{% if current_user %}
- <a href="/auth?logout=/" class="logout-link btn btn-sm
btn-secondary ms-2">Log out</a>
+ <form method="post" action="/auth?logout=/" class="d-inline">
+ {{ csrf_input_fn()|safe }}
+ <button type="submit" class="logout-link btn btn-sm
btn-secondary ms-2">Log out</button>
+ </form>
{% else %}
<a href="/auth?login={{ request.path }}" class="login-link btn
btn-sm btn-secondary ms-2">Log in</a>
{% endif %}
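Review bot: The new form posts to `/auth?logout=/` with a CSRF field, but nothing in this commit shows the `/auth` handler refusing `logout` on GET; if the old `GET /auth?logout=/` path still terminates the session, the change hardens the link in the UI only and a cross-site GET to that URL has the same effect as before. The server-side half, rejecting `logout` unless the request is a POST carrying a valid CSRF token, is what makes the title "Logout is a POST" true, and it is worth confirming it exists or adding it in the same change. `{{ csrf_input_fn()|safe }}` also turns autoescaping off for the helper's output, so `form.csrf_input` is now responsible for emitting already-escaped markup; a short comment here or on the helper would record that contract.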