chiark / gitweb /
list.fhtml: Make `logout' be a POST operation.
authorMark Wooding <mdw@distorted.org.uk>
Thu, 23 Jan 2014 19:05:23 +0000 (19:05 +0000)
committerMark Wooding <mdw@distorted.org.uk>
Thu, 23 Jan 2014 19:08:50 +0000 (19:08 +0000)
It's really not idempotent.  And also it will spam the CSRF token into
the URL, which isn't what we want.

list.fhtml

index 0fb5faf..8a947aa 100644 (file)
 
 <h2>Log out of Chopwood</h2>
 
-<form method=GET action="~={script}H/logout">
+<form method=POST action="~={script}H/logout">
 <button type=submit>Log out</button>
 <input type=hidden name=%user value="~={user}H">
 <input type=hidden name=%nonce value="~={nonce}H">