aaronrenner / phx_gen_auth

An authentication system generator for Phoenix 1.5 applications.
772 stars 55 forks source link

use of HTTP DELETE verb for log out causing issues #122

Closed rayrrr closed 3 years ago

rayrrr commented 3 years ago

This generator is looking good overall!

As for the log out link, though, I am getting a "no route to host" from Phoenix upon clicking "log out" for a logged-in user. Even though the code is describing the use of a DELETE verb in the request, Phoenix is interpreting it as a GET request.

Upon further reading here https://stackoverflow.com/questions/6926512/how-to-specify-delete-method-in-a-link-or-form it seems like the best practice is to always use GET for links, even for logging out. I made that change in the generated code (and the matching change in my route to handle a GET request instead of DELETE) and now it works. Can we make this change in the generator?

josevalim commented 3 years ago

The issue is that some link accelerator or browser extensions automatically traverse things and that may sign the user out. Actions that are destructive on the server, which logout is, should never be done via GET. If DELETE is not working, is most likely because the JavaScript extension in Phoenix.HTML not working as expected. Otherwise phx.gen.auth should work!

rayrrr commented 3 years ago

Hi @josevalim your tip about Phoenix.HTML JavaScript helped a lot. The line import "phoenix_html" was missing from app.js and putting it in there made the DELETE HTTP verb sign-out links function correctly. Thank you for your quick reply and for creating such an exciting language in the first place!