Make /logout operate on POST only.

frontends/etiquette_flask/etiquette_flask/endpoints/user_endpoints.py

@@ -83,11 +83,11 @@ def post_login():
     session_manager.add(session)
     return jsonify.make_json_response({})
 
-@site.route('/logout', methods=['GET', 'POST'])
+@site.route('/logout', methods=['POST'])
 @session_manager.give_token
 def logout():
     session_manager.remove(request)
-    response = flask.Response('redirect', status=302, headers={'Location': common.back_url()})
+    response = jsonify.make_json_response({})
     return response
 
 # User registration ################################################################################

frontends/etiquette_flask/static/css/common.css

@@ -37,6 +37,11 @@ pre
 
     margin-bottom: 4px;
 }
+#header button
+{
+    border: 0;
+    cursor: pointer;
+}
 .header_element
 {
     display: flex;
@@ -49,6 +54,7 @@ pre
 {
     background-color: #ffffd4;
 }
+
 .editor_input
 {
     width: 100%;

frontends/etiquette_flask/templates/header.html

@@ -5,7 +5,7 @@
     <a class="header_element" href="/tags">Tags</a>
     {% if session.user %}
     <a class="header_element" href="/user/{{session.user.username}}">{{session.user.display_name}}</a>
-    <a class="header_element" href="/logout" style="flex:0">Logout</a>
+    <button class="header_element" onclick="common.post('/logout', null, common.refresh);" style="flex:0">Logout</button>
     {% else %}
     <a class="header_element" href="/login">Log in</a>
     {% endif %}

frontends/etiquette_flask/templates/user.html

@@ -6,6 +6,7 @@
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
     <link rel="stylesheet" href="/static/css/common.css">
+    <script src="/static/js/common.js"></script>
 
 <style>
 #content_body