Closed deni-zen closed 8 years ago
It occurred to me as I went to write a patch for this that maybe your intention was to require a POST for logout (as it is, I believe, technically, more correct to request a logout via POST). Before I go through the trouble of submitting a pull request, which of these was your intention?
Yes. The logout route is set to POST for security reasons.
You can follow the ticket for this decision at https://github.com/stormpath/stormpath-framework-spec/issues/43 .
Was there some documentation that you found that still referenced Logout as a GET request that we need to update, or even a better way we can explain this in documentation for other developers that may have thought the same thing?
-Brian
When I try to log out using the default settings with a fresh install, I get a MethodNotAllowedHttpException because although I am requesting "/logout" via GET, the routes file requires POST. Your unit tests are bad as well. I will submit a pull request that fixes this issue.