[jira] [Created] (SHIRO-595) Allow for POST only logout requests

Brian Demers (JIRA) Fri, 21 Oct 2016 07:22:29 -0700

Brian Demers created SHIRO-595:
----------------------------------

             Summary: Allow for POST only logout requests
                 Key: SHIRO-595
                 URL: https://issues.apache.org/jira/browse/SHIRO-595
             Project: Shiro
          Issue Type: Bug
            Reporter: Brian Demers



See:
http://stackoverflow.com/questions/3521290/logout-get-or-post

A logout causes a change of state, so should NOT be a GET.

Also, due to browser pre-fetching, a typing {{http://localhost:8080/log}} may 
cause a prefetch to {{/logout}}

To stay backwards compatible, this need to be an op-in feature.

The proposed solution set a {{shiro.postOnlyLogout = true}} attribute, (same as 
{{logout.postOnlyLogout = true}})






--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Created] (SHIRO-595) Allow for POST only logout requests

Reply via email to