Project

General

Profile

Bug #10605

Visiting /users/logout leads to 404

Added by Jan Pazdziora over 5 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Authentication
Target version:
Difficulty:
Triaged:
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

When visiting /users/logout, either by opening it from menu in new tab or by following bookmarked URL, the result is

404
The page you were looking for doesn't exist.
You may have mistyped the address or the page may have moved.

The reason is that 4e3a7e7a2a542435686a667773eafc73c92e557b changed logout to be available on POST only.

If the actual action needs to be POST to prevent CSRF, shouldn't there be a GET-handled page which would ask for confirmation and then issue the POST request? If Foreman is striving for REST even on the WebUI, POST does not sound like a correct method for logout anyway.

In any way, user should not be presented with hurdles like 404 when they try to logout.

Associated revisions

Revision 3f579c3e (diff)
Added by Marek Hulán almost 5 years ago

Fixes #10605 - handle logout accessed by GET

History

#1 Updated by The Foreman Bot almost 5 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Marek Hulán
  • Pull request https://github.com/theforeman/foreman/pull/3419 added

#2 Updated by Marek Hulán almost 5 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#3 Updated by Dominic Cleal almost 5 years ago

  • Legacy Backlogs Release (now unused) set to 136

Also available in: Atom PDF