Skip to content
This repository was archived by the owner on Feb 10, 2025. It is now read-only.

Commit cff4f66

Browse files
committed
fix: django 5 logout is POST not GET
1 parent 929191d commit cff4f66

4 files changed

Lines changed: 29 additions & 5 deletions

File tree

packages/common/package.json

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,8 @@
4444
"peerDependencies": {
4545
"@apollo/client": "^3.8.10",
4646
"react": "^18.2.0",
47-
"react-dom": "^18.2.0"
47+
"react-dom": "^18.2.0",
48+
"typescript-cookie": "^1.0.6"
4849
},
4950
"devDependencies": {
5051
"@apollo/client": "^3.8.10",
@@ -71,6 +72,7 @@
7172
"stylelint-config-standard": "^36.0.0",
7273
"stylelint-config-styled-components": "^0.1.1",
7374
"ts-jest": "^29.1.2",
74-
"typescript": "^5.2.2"
75+
"typescript": "^5.2.2",
76+
"typescript-cookie": "^1.0.6"
7577
}
7678
}

packages/common/src/browserHelpers.ts

Lines changed: 21 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
import { z } from "zod";
22
import { isBrowser } from "./helpers";
33
import { getSignOutUrl, getSignInUrl } from "./urlBuilder";
4+
import { getCookie } from "typescript-cookie";
45

56
// TODO add wrapper a that blocks importing on nodejs
67

@@ -31,5 +32,24 @@ export function signOut(apiBaseUrl: string) {
3132
if (!isBrowser) {
3233
throw new Error("signIn can only be called in the browser");
3334
}
34-
window.location.href = getSignOutUrl(apiBaseUrl);
35+
const logoutUrl = getSignOutUrl(apiBaseUrl);
36+
const csrfToken = getCookie("csrftoken");
37+
if (!csrfToken) {
38+
throw new Error("csrf token not found");
39+
}
40+
41+
// NOTE dynamically create a form and submit it so this function can be used anywhere
42+
// can't use fetch because the logout goes through redirects after Django logout
43+
const form = document.createElement("form");
44+
form.method = "POST";
45+
form.action = logoutUrl;
46+
form.style.display = "none";
47+
const csrfTokenInput = document.createElement("input");
48+
csrfTokenInput.type = "hidden";
49+
csrfTokenInput.name = "csrfmiddlewaretoken";
50+
csrfTokenInput.value = csrfToken;
51+
form.appendChild(csrfTokenInput);
52+
document.body.appendChild(form);
53+
form.submit();
54+
document.body.removeChild(form);
3555
}

packages/common/src/urlBuilder.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -45,5 +45,5 @@ export function getSignInUrl(
4545
/// @return url for logging out with redirect url to /logout
4646
export function getSignOutUrl(apiBaseUrl: string): string {
4747
const authUrl = buildAuthUrl(apiBaseUrl);
48-
return `${authUrl}logout`;
48+
return `${authUrl}logout/`;
4949
}

pnpm-lock.yaml

Lines changed: 3 additions & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)