(security) use POST for logout rather than GET
see https://github.com/pterodactyl/panel/security/advisories/GHSA-m49f-hcxp-6hm6
This commit is contained in:
parent
22a8b2b3a2
commit
45999ba4ee
3 changed files with 18 additions and 5 deletions
@ -11,7 +11,7 @@ The following versions of Pterodactyl are receiving active support and maintenan
## Reporting a Vulnerability
## Reporting a Vulnerability
Please reach out directly to any project team member on Discord when reporting a security vulnerability, or you can send an email to `dane [ät] pterodactyl.io`.
Please reach out directly to any project team member on Discord when reporting a security vulnerability, or you can send an email to `dane@pterodactyl.io`.
We make every effort to respond as soon as possible, although it may take a day or two for us to sync internally and determine the severity of the report and its impact. Please, _do not_ use a public facing channel or GitHub issues to report sensitive security issues.
We make every effort to respond as soon as possible, although it may take a day or two for us to sync internally and determine the severity of the report and its impact. Please, _do not_ use a public facing channel or GitHub issues to report sensitive security issues.
@ -7,6 +7,9 @@ import { ApplicationStore } from '@/state';
import SearchContainer from '@/components/dashboard/search/SearchContainer';
import SearchContainer from '@/components/dashboard/search/SearchContainer';
import tw, { theme } from 'twin.macro';
import tw, { theme } from 'twin.macro';
import styled from 'styled-components/macro';
import styled from 'styled-components/macro';
import http from '@/api/http';
import SpinnerOverlay from '@/components/elements/SpinnerOverlay';
import { useState } from 'react';
const Navigation = styled.div`
const Navigation = styled.div`
${tw`w-full bg-neutral-900 shadow-md overflow-x-auto`};
${tw`w-full bg-neutral-900 shadow-md overflow-x-auto`};
@ -27,7 +30,7 @@ const Navigation = styled.div`
const RightNavigation = styled.div`
const RightNavigation = styled.div`
${tw`flex h-full items-center justify-center`};
${tw`flex h-full items-center justify-center`};
& > a, & > .navigation-link {
& > a, & > button, & > .navigation-link {
${tw`flex items-center h-full no-underline text-neutral-300 px-6 cursor-pointer transition-all duration-150`};
${tw`flex items-center h-full no-underline text-neutral-300 px-6 cursor-pointer transition-all duration-150`};
&:active, &:hover {
&:active, &:hover {
@ -43,9 +46,19 @@ const RightNavigation = styled.div`
export default () => {
export default () => {
const name = useStoreState((state: ApplicationStore) => state.settings.data!.name);
const name = useStoreState((state: ApplicationStore) => state.settings.data!.name);
const rootAdmin = useStoreState((state: ApplicationStore) => state.user.data!.rootAdmin);
const rootAdmin = useStoreState((state: ApplicationStore) => state.user.data!.rootAdmin);
const [ isLoggingOut, setIsLoggingOut ] = useState(false);
const onTriggerLogout = () => {
setIsLoggingOut(true);
http.post('/auth/logout').finally(() => {
// @ts-ignore
window.location = '/';
});
};
return (
return (
<Navigation>
<Navigation>
<SpinnerOverlay visible={isLoggingOut} />
<div css={tw`mx-auto w-full flex items-center`} style={{ maxWidth: '1200px', height: '3.5rem' }}>
<div css={tw`mx-auto w-full flex items-center`} style={{ maxWidth: '1200px', height: '3.5rem' }}>
<div id={'logo'}>
<div id={'logo'}>
<Link to={'/'}>
<Link to={'/'}>
@ -65,9 +78,9 @@ export default () => {
<FontAwesomeIcon icon={faCogs}/>
<FontAwesomeIcon icon={faCogs}/>
</a>
</a>
}
}
<a href={'/auth/logout'}>
<button onClick={onTriggerLogout}>
<FontAwesomeIcon icon={faSignOutAlt}/>
<FontAwesomeIcon icon={faSignOutAlt}/>
</a>
</button>
</RightNavigation>
</RightNavigation>
</div>
</div>
</Navigation>
</Navigation>
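Review bot: The `.finally()` in `http.post('/auth/logout').finally(() => { window.location = '/'; })` redirects to `/` even when the POST is rejected — a 419 CSRF failure, a 5xx, or a network error — so a failed logout is masked behind a page reload that simply lands the still-authenticated user back on the dashboard, and the spinner state is never reset on the error path; prefer redirecting only on success and surfacing the failure otherwise, e.g. `http.post('/auth/logout').then(() => window.location.assign('/')).catch(error => { console.error(error); setIsLoggingOut(false); });`. Using `window.location.assign('/')` (or `window.location.href = '/'`) also removes the need for the `// @ts-ignore` on the bare `window.location = '/'` assignment. The `http` client from `@/api/http` is not shown here; since the server route now carries the `csrf` middleware, this request only succeeds if that client attaches the XSRF token on POST, which is worth confirming. The enclosing component begins inside the hunk at `export default () => {` but its closing lies outside it.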
@ -48,4 +48,4 @@ Route::group(['middleware' => 'guest'], function () {
| Endpoint: /auth
| Endpoint: /auth
*/
*/
Route::get('/logout', 'LoginController@logout')->name('auth.logout')->middleware('auth');
Route::post('/logout', 'LoginController@logout')->name('auth.logout')->middleware('auth', 'csrf');
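Review bot: The new `Route::post('/logout', 'LoginController@logout')->name('auth.logout')->middleware('auth', 'csrf')` depends on a `csrf` middleware alias being registered in the HTTP kernel; if this route already sits inside a `web` group that applies `VerifyCsrfToken` the explicit alias is redundant but harmless, whereas if the alias does not exist the route fails at resolution, so it is worth confirming rather than assuming. Since the GET route is gone, any stale link, bookmark or redirect to `/auth/logout` now gets 405 Method Not Allowed instead of silently logging the user out — that is the intended fix for the advisory, but a comment on the route would stop a future contributor from reintroducing GET, e.g. `// Logout must stay POST + CSRF-protected: a GET endpoint can be triggered cross-site (GHSA-m49f-hcxp-6hm6).`. `LoginController@logout` is not shown here; confirm it invalidates the session and regenerates the CSRF token, since changing the verb alone does not cover a session that is only cleared client-side.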