chiark / gitweb /
~mdw / chopwood / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ea0eda5)
list.fhtml: Make `logout' be a POST operation.
authorMark Wooding <mdw@distorted.org.uk>
Thu, 23 Jan 2014 19:05:23 +0000 (19:05 +0000)
committerMark Wooding <mdw@distorted.org.uk>
Thu, 23 Jan 2014 19:08:50 +0000 (19:08 +0000)
It's really not idempotent.  And also it will spam the CSRF token into
the URL, which isn't what we want.

list.fhtml patch | blob | blame | history

diff --git a/list.fhtml b/list.fhtml
index 0fb5fafb6a1a1600011489d22b19e3727df56d17..8a947aaa2b676b6e56d5a0d44d03585b89aca59c 100644 (file)
--- a/list.fhtml
+++ b/list.fhtml
@@ -130,7 +130,7 @@
 
 <h2>Log out of Chopwood</h2>
 
-<form method=GET action="~={script}H/logout">
+<form method=POST action="~={script}H/logout">
 <button type=submit>Log out</button>
 <input type=hidden name=%user value="~={user}H">
 <input type=hidden name=%nonce value="~={nonce}H">
A password-changing service.