Fix logout triggering 404 error

See https://talk.tiddlywiki.org/t/logout-error-xmlhttprequest-error-code-404/5590/5 for details We can't POST to the logout endpoint without triggering authentication, so we report in advance whether logout is supported.
2022-12-24 12:13:01 +00:00 · 2022-12-24 12:13:01 +00:00 · 95e6168839
parent 73507ca8b5
commit 95e6168839
3 changed files with 26 additions and 17 deletions
--- a/core/modules/server/routes/get-status.js
+++ b/core/modules/server/routes/get-status.js
@ -21,6 +21,7 @@ exports.handler = function(request,response,state) {
 		username: state.authenticatedUsername || state.server.get("anon-username") || "",
 		anonymous: !state.authenticatedUsername,
 		read_only: !state.server.isAuthorized("writers",state.authenticatedUsername),
+		logout_is_available: false,
 		space: {
 			recipe: "default"
 		},
--- a/editions/tw5.com/tiddlers/webserver/WebServer
+++ b/editions/tw5.com/tiddlers/webserver/WebServer
@ -25,6 +25,7 @@ The JSON data returned comprises the following properties:
 * ''username'' - the username of the currently authenticated user. If undefined, the [[WebServer Parameter: anon-username]] is returned instead
 * ''anonymous'' - true if the current user is anonymous
 * ''read_only'' - true if the current user is restricted to read only access to the server
+* ''logout_is_available'' - true if the server supports logging out (optional, defaults to true)
 * ''space'' - always contains the object `{recipe: "default"}`
 * ''tiddlywiki_version''  - the current TiddlyWiki version

--- a/plugins/tiddlywiki/tiddlyweb/tiddlywebadaptor.js
+++ b/plugins/tiddlywiki/tiddlyweb/tiddlywebadaptor.js
@ -23,6 +23,7 @@ function TiddlyWebAdaptor(options) {
 	this.logger = new $tw.utils.Logger("TiddlyWebAdaptor");
 	this.isLoggedIn = false;
 	this.isReadOnly = false;
+	this.logoutIsAvailable = true;
 }

 TiddlyWebAdaptor.prototype.name = "tiddlyweb";
@ -91,6 +92,7 @@ TiddlyWebAdaptor.prototype.getStatus = function(callback) {
 				self.isLoggedIn = json.username !== "GUEST";
 				self.isReadOnly = !!json["read_only"];
 				self.isAnonymous = !!json.anonymous;
+				self.logoutIsAvailable = "logout_is_available" in json ? !!json["logout_is_available"] : true;
 			}
 			// Invoke the callback if present
 			if(callback) {
@ -127,23 +129,28 @@ TiddlyWebAdaptor.prototype.login = function(username,password,callback) {
 /*
 */
 TiddlyWebAdaptor.prototype.logout = function(callback) {
-	var options = {
-		url: this.host + "logout",
-		type: "POST",
-		data: {
-			csrf_token: this.getCsrfToken(),
-			tiddlyweb_redirect: "/status" // workaround to marginalize automatic subsequent GET
-		},
-		callback: function(err,data) {
-			callback(err);
-		},
-		headers: {
-			"accept": "application/json",
-			"X-Requested-With": "TiddlyWiki"
-		}
-	};
-	this.logger.log("Logging out:",options);
-	$tw.utils.httpRequest(options);
+	if(this.logoutIsAvailable) {
+		var options = {
+			url: this.host + "logout",
+			type: "POST",
+			data: {
+				csrf_token: this.getCsrfToken(),
+				tiddlyweb_redirect: "/status" // workaround to marginalize automatic subsequent GET
+			},
+			callback: function(err,data,xhr) {
+				callback(err);
+			},
+			headers: {
+				"accept": "application/json",
+				"X-Requested-With": "TiddlyWiki"
+			}
+		};
+		this.logger.log("Logging out:",options);
+		$tw.utils.httpRequest(options);
+	} else {
+		alert("This server does not support logging out. If you are using basic authentication the only way to logout is close all browser windows");
+		callback(null);
+	}
 };

 /*