authenticate: validate origin of signout (#1876)

* authenticate: validate origin of signout - add a debug task to kill envoy - improve various function docs - userinfo: return "error" page if user is logged out without redirect uri set - remove front channel logout. There's little difference between it, and the signout function. Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>
2025-06-05 12:23:03 +02:00 · 2021-02-11 21:37:54 -08:00 · 2021-02-11 21:37:54 -08:00 · c3e3ed9b50
commit c3e3ed9b50
parent 9fd58f9b8a
11 changed files with 174 additions and 182 deletions
--- a/internal/frontend/assets/html/userInfo.html
+++ b/internal/frontend/assets/html/userInfo.html
@ -12,7 +12,13 @@
    <div class="header clearfix">
      <div class="heading">
        <a href="{{.RedirectURL}}" class="logo"></a>
-        <span><a class="button" href="{{.SignOutURL}}">Logout</a></span>
+            <span>
+              <form action="{{.SignOutURL}}" method="post">
+                {{.csrfField}}
+                <input type="hidden" name="pomerium_redirect_uri" value="{{.RedirectURL}}">
+                <input class="button" type="submit" value="Logout"/>
+              </form>
+            </span>
      </div>
    </div>
    <div class="content">