From 73541a7aa390134371cd337c9830c39980f85980 Mon Sep 17 00:00:00 2001
From: Thatsaphorn Atchariyaphap
Date: Sat, 14 Jun 2025 10:04:54 +0200
Subject: [PATCH] Simplify `ProfileDropdown` logout logic by redirecting to `/logout` and update `nginx.conf` to restrict `/logout` to GET and POST methods only.
---
 main-website/components/ProfileDropdown.tsx | 3 +--
 nginx.conf | 2 ++
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/main-website/components/ProfileDropdown.tsx b/main-website/components/ProfileDropdown.tsx
index 44c224c..8b70ea8 100644
--- a/main-website/components/ProfileDropdown.tsx
+++ b/main-website/components/ProfileDropdown.tsx
@@ -16,8 +16,7 @@ export default function ProfileDropdown() {
 }, [])
 const handleLogout = async () => {
- await fetch('/logout', { method: 'POST' })
- router.push('/')
+ window.location.href = '/logout'
 }
 const name = profile.email || profile.user || 'Loading...'
diff --git a/nginx.conf b/nginx.conf
index d8b36ef..9ffb913 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -40,6 +40,8 @@ http {
 # Full logout: clears local session and redirects to Keycloak logout
 location = /logout {
+ limit_except GET POST { deny all; } # allow both GET and POST
+
 access_by_lua_block {
 local session = require("resty.session").start()
 session:destroy()
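Review bot: Replacing the POST with `window.location.href = '/logout'` in `handleLogout` turns logout into a plain GET navigation, so any cross-site link, image or prefetch that points at `/logout` can end a signed-in user's session without their intent. If the aim is a top-level navigation so the browser follows the Keycloak redirect, a form POST keeps that while the endpoint stays POST-only: `const f = document.createElement('form'); f.method = 'POST'; f.action = '/logout'; document.body.appendChild(f); f.submit()`. The GET allowance added in the nginx.conf hunk is the server half of the same issue. `handleLogout` no longer awaits anything, so `async` can be dropped, and `router` may now be unused in the part of `ProfileDropdown` that lies outside this hunk.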
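Review bot: In `limit_except GET POST { deny all; }` nginx treats an allowed GET as also allowing HEAD, so a HEAD request to `/logout` still reaches `access_by_lua_block` and destroys the session, which the inline comment `# allow both GET and POST` does not mention. If only an explicit logout should clear the session, reject HEAD at the top of the Lua block with `if ngx.req.get_method() == "HEAD" then return ngx.exit(ngx.HTTP_NOT_ALLOWED) end`, or narrow the directive to `limit_except POST { deny all; }` once the client posts again. The comment would be more useful if it stated why GET is accepted, e.g. `# GET needed for top-level redirect to Keycloak; HEAD is implied by GET`. Both the deny and the Lua handler act in the access phase, so it is worth confirming with a denied method such as PUT that the session survives; the `location` and Lua blocks continue outside this hunk.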