spree_auth_devise

Log out via POST request

Open hnatt opened this issue 9 years ago • 5 comments

Fixes #302

This is a breaking change since many users probably have overridden the view files, so I'm not sure this needs to be introduced to stable branches.

hnatt avatar Oct 09 '15 19:10 hnatt

Why not destroy?

JDutil avatar Oct 13 '15 23:10 JDutil

I thought "destroy" and other fancy verbs are only for RESTful routes.

hnatt avatar Oct 14 '15 20:10 hnatt

Sorry, should be method DELETE. Like: <%= link_to 'Sign out', destroy_user_session_path, method: :delete %>

JDutil avatar Oct 14 '15 23:10 JDutil

"DELETE /logout" request does not make much sense. Like "logout" is a resource and we're deleting it. Should I make all routing RESTful? Or just make this "DELETE /logout" thing?

Be it POST or DELETE (which also will be simulated with a POST in browsers) does not matter in regard to CSRF.

hnatt avatar Oct 15 '15 07:10 hnatt
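
The point made in the comment above, as an added example that is not part of the thread or of spree_auth_devise: a simplified plain-Ruby model of how a Rails app resolves the verb of a logout request and decides whether to check the CSRF token. The helper names, request hashes and session layout are assumptions made for illustration, and the token check is reduced to a plain string comparison.

```ruby
require "securerandom"

# Verbs a POST may be rewritten to through the hidden _method form field
# (the idea behind Rack::MethodOverride, reduced to the essentials).
OVERRIDABLE = %w[PUT PATCH DELETE].freeze

# HTML forms only send GET and POST, so `method: :delete` arrives as a POST
# carrying _method=delete. Resolve the verb the router will match on.
def effective_verb(request)
  verb = request[:method].upcase
  override = request[:params]["_method"].to_s.upcase
  verb == "POST" && OVERRIDABLE.include?(override) ? override : verb
end

# GET and HEAD skip forgery verification; every other verb must present
# the token stored in the session (simplified model of the Rails check).
def csrf_verified?(verb, request, session)
  return true if %w[GET HEAD].include?(verb)
  submitted = request[:params]["authenticity_token"].to_s
  !session[:csrf_token].nil? && submitted == session[:csrf_token]
end

# Outcome for a logout route declared with route_verb:
# :logged_out, :rejected_csrf or :no_route.
def handle_logout(route_verb, request, session)
  verb = effective_verb(request)
  return :no_route unless verb == route_verb
  return :rejected_csrf unless csrf_verified?(verb, request, session)
  session.delete(:user_id)
  :logged_out
end

# Constructed session for a signed-in user.
def new_session
  { user_id: 42, csrf_token: SecureRandom.hex(16) }
end

# Constructed requests a third-party page can make the browser send: the
# session cookie is attached, but the page cannot read the token.
CROSS_SITE_GET  = { method: "GET",  params: {} }.freeze
CROSS_SITE_POST = { method: "POST", params: { "_method" => "delete" } }.freeze

# The app's own sign-out form, which embeds the session's token.
def same_site_post(session)
  { method: "POST",
    params: { "_method" => "delete", "authenticity_token" => session[:csrf_token] } }
end
```

With a GET route the tokenless cross-site request ends the session; with a POST or DELETE route the same request is rejected, and both verbs go through the identical token check.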

@damianlegawiec @bbonislawski What do you think about it? It seems like a breaking change to a lot of users so I'm not sure whether it's a smart move to merge it. DELETE makes much more sense than GET to me though.

kushniryb avatar Jun 22 '18 12:06 kushniryb