From 3c96b9185b9665e3b598eec1beb580e0b54bf908 Mon Sep 17 00:00:00 2001
From: Changaco
Date: Fri, 12 Dec 2014 17:36:46 +0100
Subject: [PATCH 1/2] fix JS sign-out (closes #2991)
---
 www/sign-out.html.spt | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/www/sign-out.html.spt b/www/sign-out.html.spt
index cf2e2740d3..7965d58c55 100644
--- a/www/sign-out.html.spt
+++ b/www/sign-out.html.spt
@@ -8,6 +8,9 @@ if user.ANON:
 if POST:
 user.sign_out(response.headers.cookie)
+ if request.headers.get('X-Requested-With') == 'XMLHttpRequest':
+ raise Response(200)
+
 if 'back_to' in request.body:
 back_to = request.body['back_to']
 else:
From 68af1a911853b18806b64fd4fab6a2d68154c270 Mon Sep 17 00:00:00 2001
From: Changaco
Date: Sat, 13 Dec 2014 18:14:33 +0100
Subject: [PATCH 2/2] add a regression test
---
 tests/py/test_pages.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/tests/py/test_pages.py b/tests/py/test_pages.py
index 7880a46e05..87bfa275ac 100644
--- a/tests/py/test_pages.py
+++ b/tests/py/test_pages.py
@@ -96,6 +96,12 @@ def test_sign_out_overwrites_session_cookie(self):
 assert response.code == 302
 assert response.headers.cookie[SESSION].value == ''
+ def test_sign_out_doesnt_redirect_xhr(self):
+ self.make_participant('alice')
+ response = self.client.PxST('/sign-out.html', auth_as='alice',
+ HTTP_X_REQUESTED_WITH=b'XMLHttpRequest')
+ assert response.code == 200
+
 def test_receipts_signed_in(self):
 self.make_participant('alice', claimed_time='now')
 self.db.run("INSERT INTO exchanges (id, participant, amount, fee) "
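Review bot: In the added XHR branch, `raise Response(200)` constructs a new response object right after `user.sign_out(response.headers.cookie)` wrote the cleared session cookie onto the existing `response`, so it is worth confirming that the Set-Cookie still reaches the client on this path; how a raised response picks up cookies is decided outside this hunk. `X-Requested-With` is a client-supplied header, which is acceptable here only because the check sits after the sign-out and merely chooses between 200 and the redirect. I would record that with a comment above the check, e.g. `# client-controlled header: picks the response shape only; the session is already ended above`. The `if POST:` block continues past the end of the hunk.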
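Review bot: `test_sign_out_doesnt_redirect_xhr` asserts only `response.code == 200`, so it would still pass if the XHR path returned 200 without ending the session. The preceding test, whose tail is visible as context, checks the cookie as well; adding the same line after the status assertion would pin the security-relevant half of the behaviour: `assert response.headers.cookie[SESSION].value == ''`.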