From 1f36ec29c83bf5826c90986e071705888c83036c Mon Sep 17 00:00:00 2001
From: Adam Mathes <adam@adammathes.com>
Date: Mon, 16 Feb 2026 08:49:08 -0800
Subject: Fix v3 build process and CSRF login/logout exclusions

- Update Makefile to correctly build and copy frontend-vanilla (v3) assets
- Fix frontend-vanilla/vite.config.ts to build to its own dist directory
- Normalize CSRF check path and exclude /api/logout to fix v3 session clearing
- Include latest built assets for v3
---
 web/login_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'web/login_test.go')

diff --git a/web/login_test.go b/web/login_test.go
index b48e7bc..cd3cb01 100644
--- a/web/login_test.go
+++ b/web/login_test.go
@@ -51,8 +51,8 @@ func TestCSRFLoginExclusion(t *testing.T) {
 	if rr.Code == http.StatusForbidden {
 		t.Errorf("Expected /login/ POST to be allowed without CSRF token, got 403 Forbidden")
 	}
-	if rr.Code != http.StatusTemporaryRedirect {
-		t.Errorf("Expected 307 Redirect on successful login, got %d", rr.Code)
+	if rr.Code != http.StatusSeeOther {
+		t.Errorf("Expected 303 Redirect on successful login, got %d", rr.Code)
 	}
 
 	// Test 2: POST /other without CSRF token
-- 
cgit v1.2.3