Add _token parameter to redirectToPost #1151

2016-01-24 14:37:44 +02:00 · 2016-01-24 14:37:44 +02:00 · cf5a390cad
commit cf5a390cad
parent be9d0a281d
3 changed files with 8 additions and 1 deletions
--- a/yesod-core/ChangeLog.md
+++ b/yesod-core/ChangeLog.md
@ -1,3 +1,7 @@
+## 1.4.19
+
+* Auth logout not working with defaultCsrfMiddleware [#1151](https://github.com/yesodweb/yesod/issues/1151)
+
 ## 1.4.18.2

 * Allow subsites within hierarchical routes [#1144](https://github.com/yesodweb/yesod/pull/1144)
--- a/yesod-core/Yesod/Core/Handler.hs
+++ b/yesod-core/Yesod/Core/Handler.hs
@ -890,6 +890,7 @@ redirectToPost :: (MonadHandler m, RedirectUrl (HandlerSite m) url)
               -> m a
 redirectToPost url = do
    urlText <- toTextUrl url
+    req <- getRequest
    withUrlRenderer [hamlet|
 $newline never
 $doctype 5
@ -899,6 +900,8 @@ $doctype 5
        <title>Redirecting...
    <body onload="document.getElementById('form').submit()">
        <form id="form" method="post" action=#{urlText}>
+            $maybe token <- reqToken req
+                <input type=hidden name=#{defaultCsrfParamName} value=#{token}>
            <noscript>
                <p>Javascript has been disabled; please click on the button below to be redirected.
            <input type="submit" value="Continue">
--- a/yesod-core/yesod-core.cabal
+++ b/yesod-core/yesod-core.cabal
@ -1,5 +1,5 @@
 name:            yesod-core
-version:         1.4.18.2
+version:         1.4.19
 license:         MIT
 license-file:    LICENSE
 author:          Michael Snoyman <michael@snoyman.com>