Simplify ProfileDropdown logout logic by redirecting to /logout and update nginx.conf to restrict /logout to GET and POST methods only.

2025-06-14 10:04:54 +02:00
parent 3fc0cf1207
commit 73541a7aa3
2 changed files with 3 additions and 2 deletions


@@ -16,8 +16,7 @@ export default function ProfileDropdown() {
}, []) }, [])
const handleLogout = async () => { const handleLogout = async () => {
await fetch('/logout', { method: 'POST' }) window.location.href = '/logout'
router.push('/')
} }
const name = profile.email || profile.user || 'Loading...' const name = profile.email || profile.user || 'Loading...'
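Review bot: Replacing the POST with `window.location.href = '/logout'` turns logout into a state-changing GET, so any third-party page that links or redirects a signed-in user to `/logout` would end their session. Whether the session cookie accompanies such a request depends on its SameSite setting, which is not visible here; under the common Lax setting it is sent on top-level GET navigations but not on cross-site POSTs. If the aim was to let the browser follow the redirect to Keycloak, a real form submission keeps the request a POST and still navigates, and the nginx location in this commit could then stay POST-only with `limit_except POST { deny all; }`. `handleLogout` no longer awaits anything, so `async` can be dropped too.

```javascript
const handleLogout = () => {
  // Submit a real form so the request stays a POST and the browser follows the redirect to the IdP.
  const form = document.createElement('form')
  form.method = 'POST'
  form.action = '/logout'
  document.body.appendChild(form)
  form.submit()
}
```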


@@ -40,6 +40,8 @@ http {
# Full logout: clears local session and redirects to Keycloak logout # Full logout: clears local session and redirects to Keycloak logout
location = /logout { location = /logout {
limit_except GET POST { deny all; } # allow both GET and POST
access_by_lua_block { access_by_lua_block {
local session = require("resty.session").start() local session = require("resty.session").start()
session:destroy() session:destroy()
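Review bot: The added `limit_except GET POST { deny all; }` admits HEAD as well, because nginx treats allowing GET as allowing HEAD, so the location is not restricted to "GET and POST only" as the commit title and the inline comment say. A HEAD request would presumably still reach `access_by_lua_block` and call `session:destroy()`. If that is not intended, reject it at the top of the Lua block with `if ngx.req.get_method() == "HEAD" then return ngx.exit(ngx.HTTP_NOT_ALLOWED) end`, or at least reword the comment to `# GET (and therefore HEAD) and POST are allowed; everything else is denied`. The location block continues past the end of this hunk, so the rest of the handler is not visible here.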