From f397140e2084cdbbff3be0feba0a68fc04ebcbf9 Mon Sep 17 00:00:00 2001
From: Ethan Dalool <git@voussoir.net>
Date: Fri, 17 Aug 2018 22:23:40 -0700
Subject: [PATCH] Make /logout operate on POST only.

---
 .../etiquette_flask/endpoints/user_endpoints.py             | 4 ++--
 frontends/etiquette_flask/static/css/common.css             | 6 ++++++
 frontends/etiquette_flask/templates/header.html             | 2 +-
 frontends/etiquette_flask/templates/user.html               | 1 +
 4 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/frontends/etiquette_flask/etiquette_flask/endpoints/user_endpoints.py b/frontends/etiquette_flask/etiquette_flask/endpoints/user_endpoints.py
index 17d432e..5a362d7 100644
--- a/frontends/etiquette_flask/etiquette_flask/endpoints/user_endpoints.py
+++ b/frontends/etiquette_flask/etiquette_flask/endpoints/user_endpoints.py
@@ -83,11 +83,11 @@ def post_login():
     session_manager.add(session)
     return jsonify.make_json_response({})
 
-@site.route('/logout', methods=['GET', 'POST'])
+@site.route('/logout', methods=['POST'])
 @session_manager.give_token
 def logout():
     session_manager.remove(request)
-    response = flask.Response('redirect', status=302, headers={'Location': common.back_url()})
+    response = jsonify.make_json_response({})
     return response
 
 # User registration ################################################################################
diff --git a/frontends/etiquette_flask/static/css/common.css b/frontends/etiquette_flask/static/css/common.css
index 1dda1e1..2b72a11 100644
--- a/frontends/etiquette_flask/static/css/common.css
+++ b/frontends/etiquette_flask/static/css/common.css
@@ -37,6 +37,11 @@ pre
 
     margin-bottom: 4px;
 }
+#header button
+{
+    border: 0;
+    cursor: pointer;
+}
 .header_element
 {
     display: flex;
@@ -49,6 +54,7 @@ pre
 {
     background-color: #ffffd4;
 }
+
 .editor_input
 {
     width: 100%;
diff --git a/frontends/etiquette_flask/templates/header.html b/frontends/etiquette_flask/templates/header.html
index f13286f..473617d 100644
--- a/frontends/etiquette_flask/templates/header.html
+++ b/frontends/etiquette_flask/templates/header.html
@@ -5,7 +5,7 @@
     <a class="header_element" href="/tags">Tags</a>
     {% if session.user %}
     <a class="header_element" href="/user/{{session.user.username}}">{{session.user.display_name}}</a>
-    <a class="header_element" href="/logout" style="flex:0">Logout</a>
+    <button class="header_element" onclick="common.post('/logout', null, common.refresh);" style="flex:0">Logout</button>
     {% else %}
     <a class="header_element" href="/login">Log in</a>
     {% endif %}
diff --git a/frontends/etiquette_flask/templates/user.html b/frontends/etiquette_flask/templates/user.html
index 3c7053f..b368df2 100644
--- a/frontends/etiquette_flask/templates/user.html
+++ b/frontends/etiquette_flask/templates/user.html
@@ -6,6 +6,7 @@
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
     <link rel="stylesheet" href="/static/css/common.css">
+    <script src="/static/js/common.js"></script>
 
 <style>
 #content_body