Make logging out be a POST request so that the CSRF token is checked
carols10cents committed Sep 4, 2012
1 parent a799e4b commit 1fe0ac6
Showing 2 changed files with 3 additions and 2 deletions.
3 changes: 2 additions & 1 deletion app/views/shared/menu/_profile.haml
@@ -1,4 +1,5 @@
- if current_user
%ul.menu#profile_menu
!= menu_item("Profile", "/users/#{current_user.username}")
!= menu_item("Log Out", "/logout")
%li.log_out
= link_to "Log Out", logout_path, :method => :post
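
Review bot: The new `link_to "Log Out", logout_path, :method => :post` line only issues a POST when the Rails unobtrusive JavaScript driver is loaded. It renders an ordinary anchor, so with JavaScript disabled or the driver missing the click is a plain GET, which the routes change in this commit no longer accepts. Consider `button_to "Log Out", logout_path`, which renders a real form carrying the authenticity token, or confirm that the layout includes the UJS script and `csrf_meta_tags`. The replacement also drops the `menu_item` helper and the `!=` still used on the Profile entry, so check that the hand-written `%li.log_out` matches the markup that helper produced.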
2 changes: 1 addition & 1 deletion config/routes.rb
Expand Up @@ -5,7 +5,7 @@
# Sessions
resources :sessions, :only => [:new, :create, :destroy]
match "/login", :to => "sessions#new"
match "/logout", :to => "sessions#destroy"
match "/logout", :to => "sessions#destroy", :via => :post

match "/follow", :to => "static#follow", :via => :get
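
Review bot: The `:via => :post` on `/logout` is what closes the GET path, but the commit touches only the view and the routes and adds no test. Add a routing or request spec asserting that GET `/logout` no longer reaches `sessions#destroy`, and one covering what a POST without a valid token does. The token check itself depends on `protect_from_forgery` in the controllers, which this diff does not show, so confirm it applies to the sessions controller and that its failure handling is what you want for logout. The `/login` match directly above still has no `:via` and accepts every verb; `:via => :get` would match the style of the `/follow` route.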
