[jira] [Resolved] (SHIRO-595) Allow for POST only logout requests

Brian Demers (JIRA) Fri, 21 Oct 2016 07:56:25 -0700

     [ 
https://issues.apache.org/jira/browse/SHIRO-595?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Brian Demers resolved SHIRO-595.
--------------------------------
       Resolution: Fixed
    Fix Version/s: 1.4.0

> Allow for POST only logout requests
> -----------------------------------
>
>                 Key: SHIRO-595
>                 URL: https://issues.apache.org/jira/browse/SHIRO-595
>             Project: Shiro
>          Issue Type: Bug
>            Reporter: Brian Demers
>            Assignee: Brian Demers
>             Fix For: 1.4.0
>
>
> See:
> http://stackoverflow.com/questions/3521290/logout-get-or-post
> A logout causes a change of state, so should NOT be a GET.
> Also, due to browser pre-fetching, a typing {{http://localhost:8080/log}} may 
> cause a prefetch to {{/logout}}
> To stay backwards compatible, this need to be an op-in feature.
> The proposed solution set a {{shiro.postOnlyLogout = true}} attribute, (same 
> as {{logout.postOnlyLogout = true}})



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Resolved] (SHIRO-595) Allow for POST only logout requests

Reply via email to