Project

General

Profile

Actions

Bug #10605

closed

Visiting /users/logout leads to 404

Added by Jan Pazdziora over 9 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Authentication
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

When visiting /users/logout, either by opening it from menu in new tab or by following bookmarked URL, the result is

404
The page you were looking for doesn't exist.
You may have mistyped the address or the page may have moved.

The reason is that 4e3a7e7a2a542435686a667773eafc73c92e557b changed logout to be available on POST only.

If the actual action needs to be POST to prevent CSRF, shouldn't there be a GET-handled page which would ask for confirmation and then issue the POST request? If Foreman is striving for REST even on the WebUI, POST does not sound like a correct method for logout anyway.

In any way, user should not be presented with hurdles like 404 when they try to logout.

Actions

Also available in: Atom PDF