User logout without CSRF token redirect to 404

Created on 24 October 2024, 6 months ago

Updated 14 March 2025, about 2 months ago

Problem/Motivation

Now with the user logout route CSRF protected introduced in version 10.3.0 the route /user/logout is redirecting to 404 rather than redirect to /user/logout/confirm.

Steps to reproduce

Use any code that has a logout path hard coded and uses the m4032404 module and it will redirect to 404 page rather than to the confirmation page.

<a href="/user/logout">{{ 'Log out'|t }}</a>

Proposed resolution

Bypass the specific route /user/logout/ using this fork: m4032404-3358555

Remaining tasks

User interface changes

API changes

Data model changes

🐛 Bug report

Status

Active

Version

1.0

Component

Code

Created by

eduardo_pfizer

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

First commit to issue fork.
Comment about 2 months ago →
🇸🇮Slovenia paranojik
Posted a PR that should fix the case where CsrfExceptionSubscriber would handle the redirect.
Comment about 2 months ago →
🇸🇮Slovenia paranojik

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024