Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Logout should be via POST, not GET #309

Open
chaoran-chen opened this issue Nov 18, 2024 · 0 comments
Open

Logout should be via POST, not GET #309

chaoran-chen opened this issue Nov 18, 2024 · 0 comments
Labels
frontend Changes to the frontend

Comments

@chaoran-chen
Copy link
Member

At the moment, the user gets logged out (or is supposed to get logged out (#308)) when navigation to /logout via GET. This is not a good behavior as a GET request should not modify a state. An action like logout should only be performed via POST. I.e., instead of the current <a> link, we should have something like:

<form method="POST" action="/logout">
	<button type="submit">Logout</button>
</form>

And the page should only perform the logout, if it is called via POST.
@chaoran-chen chaoran-chen added the frontend Changes to the frontend label Nov 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
frontend Changes to the frontend
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@chaoran-chen