shiro-dev mailing list archives

From "Brian Demers (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (SHIRO-595) Allow for POST only logout requests
Date Fri, 21 Oct 2016 14:15:58 GMT

     [ https://issues.apache.org/jira/browse/SHIRO-595?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brian Demers reassigned SHIRO-595:
----------------------------------

    Assignee: Brian Demers

> Allow for POST only logout requests
> -----------------------------------
>
>                 Key: SHIRO-595
>                 URL: https://issues.apache.org/jira/browse/SHIRO-595
>             Project: Shiro
>          Issue Type: Bug
>            Reporter: Brian Demers
>            Assignee: Brian Demers
>
> See:
> http://stackoverflow.com/questions/3521290/logout-get-or-post
> A logout causes a change of state, so should NOT be a GET.
> Also, due to browser pre-fetching, typing {{http://localhost:8080/log}} may cause a prefetch to {{/logout}}
> To stay backwards compatible, this needs to be an opt-in feature.
> The proposed solution sets a {{shiro.postOnlyLogout = true}} attribute (same as {{logout.postOnlyLogout = true}})



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
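
A minimal servlet filter showing the opt-in behaviour the issue describes, as an added example that is not part of the original message and not Shiro's own code. The class name `PostOnlyLogoutFilter`, the `redirectUrl` parameter, and reading `postOnlyLogout` from a filter init parameter are assumptions; it uses the `javax.servlet` API and is meant to be mapped to `/logout`.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Hypothetical filter mapped to /logout; not Shiro's LogoutFilter. */
public class PostOnlyLogoutFilter implements Filter {
    // Opt-in: the default (false) keeps the old behaviour, any method logs out.
    private boolean postOnlyLogout = false;
    private String redirectUrl = "/";   // assumed post-logout landing page

    @Override
    public void init(FilterConfig cfg) {
        // parseBoolean(null) is false, so an unset parameter stays backwards compatible.
        postOnlyLogout = Boolean.parseBoolean(cfg.getInitParameter("postOnlyLogout"));
        String r = cfg.getInitParameter("redirectUrl");
        if (r != null) {
            redirectUrl = r;
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        if (postOnlyLogout && !"POST".equals(request.getMethod())) {
            // A GET (typed URL, browser prefetch) must not change state:
            // answer 405, advertise the accepted method, leave the session alone.
            response.setHeader("Allow", "POST");
            response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            return;
        }

        // State change happens only past the method check.
        HttpSession session = request.getSession(false); // do not create a session
        if (session != null) {
            session.invalidate();
        }
        response.sendRedirect(request.getContextPath() + redirectUrl);
    }

    @Override
    public void destroy() { }
}
```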
