Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature: Use delete request with sign out #3881

Merged
merged 1 commit into from
Jun 26, 2023
Merged

Feature: Use delete request with sign out #3881

merged 1 commit into from
Jun 26, 2023

Conversation

KevinMulhern
Copy link
Member

Because:

  • Using a get for something destructive like signing out is a security issue. Users could be made to unintentionally sign out if they clicked on a "https://theodinproject.com/sign_out" link someone sent them.

This commit:

  • Change sign_out path to delete instead of a get request.
  • Refactor nav item component to take an options hash which we can use for the mobile flag and this new method option.

@KevinMulhern KevinMulhern self-assigned this Jun 25, 2023
@KevinMulhern KevinMulhern added the Type: Enhancement Involves a new feature or enhancement request label Jun 25, 2023
@KevinMulhern KevinMulhern temporarily deployed to odin-review-app-pr-3881 June 25, 2023 15:03 Inactive
ChargrilledChook
ChargrilledChook approved these changes Jun 25, 2023
View reviewed changes
Copy link
Member

@ChargrilledChook ChargrilledChook left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, one minor non-blocking comment

app/components/user/profile_dropdown_component.html.erb Outdated
@@ -28,7 +28,7 @@
<%= render Theme::SwitcherComponent.new(current_theme:) %>
<% end %>

<%= link_to sign_out_path, class: 'text-gray-700 dark:text-gray-300 group flex items-center px-3 py-2 text-sm' do %>
<%= link_to sign_out_path, class: 'text-gray-700 dark:text-gray-300 group flex items-center px-3 py-2 text-sm', data: { turbo_method: :delete } do %>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it be better to use button_to instead of link to to improve the semantics, as well? I know there are some considerations with how button_to wraps the button in a form, but could still be worthwhile

@KevinMulhern
Feature: Use delete request with sign out
b96bcab 
Because:
* Using a get for something destructive like signing out is a security issue. Users could be made to unintentionally sign out if they clicked on a "https://theodinproject.com/sign_out" link someone sent them.

This commit:
* Change sign_out path to delete instead of a get request.
* Refactor nav item component to take an options hash which we can use for the mobile flag and this new method option.
@KevinMulhern KevinMulhern force-pushed the feature/use-delete-for-sign-out-links branch from 972f37d to b96bcab Compare June 25, 2023 22:35
@KevinMulhern KevinMulhern temporarily deployed to odin-review-app-pr-3881 June 25, 2023 22:35 Inactive
@KevinMulhern KevinMulhern merged commit e8b7871 into main Jun 26, 2023
@KevinMulhern KevinMulhern deleted the feature/use-delete-for-sign-out-links branch June 26, 2023 12:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ChargrilledChook ChargrilledChook ChargrilledChook approved these changes

Assignees

@KevinMulhern KevinMulhern

Labels
Type: Enhancement Involves a new feature or enhancement request
Projects
Main Site
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@KevinMulhern @ChargrilledChook