shiro-dev mailing list archives

From "Brian Demers (JIRA)" <>
Subject [jira] [Created] (SHIRO-595) Allow for POST only logout requests
Date Fri, 21 Oct 2016 14:15:58 GMT
Brian Demers created SHIRO-595:

             Summary: Allow for POST only logout requests
                 Key: SHIRO-595
             Project: Shiro
          Issue Type: Bug
            Reporter: Brian Demers


A logout causes a change of state, so should NOT be a GET.

Also, due to browser pre-fetching, typing {{http://localhost:8080/log}} may cause a prefetch to {{/logout}}.

To stay backwards compatible, this needs to be an opt-in feature.

The proposed solution sets a {{shiro.postOnlyLogout = true}} attribute (same as {{logout.postOnlyLogout = true}}).

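The behaviour requested in the issue above, sketched as an added example that is not Shiro code and not part of the original message: an opt-in switch that makes a logout endpoint refuse anything but POST, so a prefetching GET cannot end the session. It uses only the JDK's built-in HTTP server; the `postOnlyLogout` system property, the `X-Session-Id` header and the in-memory session set are assumptions made for the illustration.

```java
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration, not Shiro code: opt-in POST-only logout.
public class PostOnlyLogoutDemo {
    // Hypothetical in-memory session store; "demo-session" is a constructed sample value.
    static final Set<String> SESSIONS = ConcurrentHashMap.newKeySet();

    // Returns the HTTP status for a logout request and performs the
    // state change (session removal) only when the method is permitted.
    static int handleLogout(String method, String sessionId, boolean postOnlyLogout) {
        if (postOnlyLogout && !"POST".equalsIgnoreCase(method)) {
            return 405; // GET, HEAD and browser prefetches must not change state
        }
        if (sessionId != null) {
            SESSIONS.remove(sessionId); // the state change a logout causes
        }
        return 204;
    }

    public static void main(String[] args) throws IOException {
        // Opt-in: defaults to false so existing GET logout links keep working.
        boolean postOnly = Boolean.parseBoolean(System.getProperty("postOnlyLogout", "false"));
        SESSIONS.add("demo-session");

        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 8080), 0);
        server.createContext("/logout", (HttpExchange ex) -> {
            // Assumed header standing in for a real session cookie.
            String sid = ex.getRequestHeaders().getFirst("X-Session-Id");
            int status = handleLogout(ex.getRequestMethod(), sid, postOnly);
            if (status == 405) {
                ex.getResponseHeaders().set("Allow", "POST"); // tell the client which method is accepted
            }
            ex.sendResponseHeaders(status, -1); // -1: no response body
            ex.close();
        });
        server.start();
        System.out.println("postOnlyLogout=" + postOnly + ", serving http://127.0.0.1:8080/logout");
    }
}
```

Started with `java -DpostOnlyLogout=true PostOnlyLogoutDemo.java`, a GET to `/logout` returns 405 with `Allow: POST` and leaves the session in place; without the property the GET still logs out, which is the backwards-compatible default the issue asks for.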