recoilme / tgram

typegram: open source publishing platform
http://tgr.am
GNU General Public License v3.0
334 stars 32 forks

Use POST request for logging out #96

Closed ghost closed 6 years ago

ghost commented 6 years ago

With GET a malicious user can forcibly log out your users by posting an "image" with `src=/logout` (`![title](/logout)` in markdown).
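The behaviour described in the comment above, next to a POST-only handler, as an added example that is not part of the original thread and is not tgram's code. The handler names, the `session` cookie name and the sample cookie value are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// sessionCookie is a hypothetical cookie name, not taken from tgram.
const sessionCookie = "session"

// clearSession expires the session cookie, which is what logs the user out.
func clearSession(w http.ResponseWriter) {
	http.SetCookie(w, &http.Cookie{Name: sessionCookie, Value: "", Path: "/", MaxAge: -1})
}

// logoutAnyMethod ends the session on any request, including the GET a browser sends for an image.
func logoutAnyMethod(w http.ResponseWriter, r *http.Request) {
	clearSession(w)
	http.Redirect(w, r, "/", http.StatusFound)
}

// logoutPostOnly changes state only on POST, so loading /logout as an image does nothing.
func logoutPostOnly(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		return
	}
	clearSession(w)
	http.Redirect(w, r, "/", http.StatusSeeOther)
}

// sessionCleared replays one request with a constructed session cookie and reports whether the response expires it.
func sessionCleared(h http.HandlerFunc, method string) bool {
	req := httptest.NewRequest(method, "/logout", nil)
	req.AddCookie(&http.Cookie{Name: sessionCookie, Value: "constructed-sample-value"})
	rec := httptest.NewRecorder()
	h(rec, req)
	for _, c := range rec.Result().Cookies() {
		if c.Name == sessionCookie && c.MaxAge < 0 {
			return true
		}
	}
	return false
}

func main() {
	fmt.Println(sessionCleared(logoutAnyMethod, "GET"), sessionCleared(logoutPostOnly, "GET"), sessionCleared(logoutPostOnly, "POST"))
}
```

Restricting logout to POST covers the image-embed case from the issue. Cross-site form submissions are a separate concern that a CSRF token or a `SameSite` cookie attribute addresses.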

recoilme commented 6 years ago

nice, as always