Next-auth: How to disable "Are you sure you want to sign out?" confirm message?

Created on 29 Oct 2020  路  3Comments  路  Source: nextauthjs/next-auth

Your question
How to disable "Are you sure you want to sign out?" confirm message?

What are you trying to do
In some automated e2e tests I log in and out between the test cases, but sometimes the tests fail because instead of the login page this confirm message is displayed after pressing the sign out button. I know that this can be fixed by preparing the tests for this element but I would like to know where this comes from.
Maybe I am missing something obvious, but I couldn't find information about where this comes from.
Thank you :)

Feedback
Documentation refers to searching through online documentation, code comments and issue history. The example project refers to next-auth-example.

  • [ ] Found the documentation helpful
  • [ ] Found documentation but was incomplete
  • [x] Could not find relevant documentation
  • [ ] Found the example project helpful
  • [ ] Did not find the example project helpful
question
Source
picture barbara-lea
👍1

All 3 comments

Hi there!

Using the signOut() method on a button in the client, as used in the example project, should avoid triggering this page:
https://next-auth-example.now.sh/

The reason the page is there is a fallback for security designed to prevent Cross Site Scripting (XSS) attacks - it ensures a valid CSRF token is sent as a POST request to /api/auth/signout. If the token is missing then it presents that page, which has a form with a single button, which has the token in it (clicking the button then submits an HTTP POST form with an CSRF Token and so should "just work").

I'm not sure why this would fail in a test sometimes, though does not surprise me given how tricky e2e testing is. :-) Perhaps it is falling back because the button is being clicked before the JavaScript on the page has loaded, so waiting a second before signing out might fix it.

The sign out page cannot be disabled (as it is also intended as a built in fallback for clients that don't have JavaScript) but it can be fully customised, like the other built-in pages:
https://next-auth.js.org/configuration/pages

iaincollins picture iaincollins on 29 Oct 2020
1

Thank you for the detailed explanation. Seems like this is the problem. :)

barbara-lea picture barbara-lea on 29 Oct 2020
👍1

Glad I could help!

iaincollins picture iaincollins on 30 Oct 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

alephart picture alephart  路  3Comments
iaincollins picture iaincollins  路  3Comments
Xetera picture Xetera  路  3Comments
bscaspar picture bscaspar  路  3Comments
ghoshnirmalya picture ghoshnirmalya  路  3Comments