Diffstat (limited to 'app/layout/header.phtml')
-rw-r--r--app/layout/header.phtml7
1 files changed, 6 insertions, 1 deletions
diff --git a/app/layout/header.phtml b/app/layout/header.phtml
index b152ed78a..1e4290f98 100644
--- a/app/layout/header.phtml
+++ b/app/layout/header.phtml
@@ -50,6 +50,9 @@
<?php if (FreshRSS_Auth::hasAccess()) { ?>
<nav class="item configure">
+ <form id="post-csrf" method="post">
+ <input type="hidden" name="_csrf" value="<?= FreshRSS_Auth::csrfToken() ?>" />
+ </form>
<div class="dropdown">
<div id="dropdown-configure" class="dropdown-target"></div>
<a class="btn dropdown-toggle" href="#dropdown-configure"><?= _i('configure') ?></a>
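Review bot: The token on the added `<input>` line is echoed into a double-quoted attribute without escaping, whereas the user name in the later hunk goes through `htmlspecialchars`. If `FreshRSS_Auth::csrfToken()` always returns a hex or similarly restricted string this is harmless, but the token format is not visible from this hunk. Writing `value="<?= htmlspecialchars(FreshRSS_Auth::csrfToken(), ENT_COMPAT, 'UTF-8') ?>"` keeps the attribute safe whatever the format. A one-line comment above the form, such as `<?php // Shared hidden form; buttons elsewhere submit it via form="post-csrf" ?>`, would also help, because the form has no visible controls and no action of its own.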
@@ -63,7 +66,9 @@
<ul>
<li class="item"><a href="<?= _url('user', 'profile') ?>"><?= _t('gen.menu.user_profile') ?></a></li>
<?php if (FreshRSS_Auth::accessNeedsAction()): ?>
- <li class="item"><a class="signout" href="<?= _url('auth', 'logout') ?>"><?= _t('gen.auth.logout'); ?><?= _i('logout') ?></a></li>
+ <li class="item">
+ <button class="as-link signout" form="post-csrf" formaction="<?= _url('auth', 'logout') ?>"><?= _t('gen.auth.logout'); ?><?= _i('logout') ?></button>
+ </li>
<?php else: ?>
<li class="item"><span class="signout">(<?= htmlspecialchars(Minz_User::name() ?? '', ENT_NOQUOTES, 'UTF-8') ?>)</span></li>
<?php endif; ?>
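Review bot: Turning the logout link into a POST button only prevents cross-site logout if the `auth`/`logout` action rejects non-POST requests and verifies the submitted `_csrf` value. This view is limited to header.phtml, so that server-side check is not visible here and should be confirmed in the controller. `_url('auth', 'logout')` still yields the same URL the old link used, so a plain GET to it needs to fail closed rather than end the session. On the button itself, an explicit `type="submit"` would state the intent instead of relying on the default.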