Open kulakowka opened 9 years ago
Explain to me why you made logout using `GET /logout`?
It's not safe. Any malefactor can insert a picture `<img src="http://yousite.com/logout" />` and your users will be logged out.
It may be better to do `POST /logout`?
Agreed
+1
Any update on this one?