minor #18353 [Security] Use POST method for logout route (alexandre-daubois)

javiereguiluz · javiereguiluz · commit bca776af387e · 2023-05-30T12:51:03.000+02:00
This PR was merged into the 5.4 branch. Discussion ---------- [Security] Use POST method for logout route Resolves #17412 Commits ------- 20a7e79 [Security] Use POST method for logout route
diff --git a/security.rst b/security.rst
@@ -1686,7 +1686,7 @@ Next, you need to create a route for this URL (but not a controller):
         class SecurityController extends AbstractController
         {
             /**
-             * @Route("/logout", name="app_logout", methods={"GET"})
+             * @Route("/logout", name="app_logout", methods={"POST"})
              */
             public function logout(): void
             {
@@ -1705,7 +1705,7 @@ Next, you need to create a route for this URL (but not a controller):
 
         class SecurityController extends AbstractController
         {
-            #[Route('/logout', name: 'app_logout', methods: ['GET'])]
+            #[Route('/logout', name: 'app_logout', methods: ['POST'])]
             public function logout()
             {
                 // controller can be blank: it will never be called!
@@ -1718,7 +1718,7 @@ Next, you need to create a route for this URL (but not a controller):
         # config/routes.yaml
         app_logout:
             path: /logout
-            methods: GET
+            methods: POST
 
     .. code-block:: xml
 
@@ -1729,7 +1729,7 @@ Next, you need to create a route for this URL (but not a controller):
             xsi:schemaLocation="http://symfony.com/schema/routing
                 https://symfony.com/schema/routing/routing-1.0.xsd">
 
-            <route id="app_logout" path="/logout" methods="GET"/>
+            <route id="app_logout" path="/logout" methods="POST"/>
         </routes>
 
     .. code-block:: php
@@ -1739,7 +1739,7 @@ Next, you need to create a route for this URL (but not a controller):
 
         return function (RoutingConfigurator $routes) {
             $routes->add('app_logout', '/logout')
-                ->methods(['GET'])
+                ->methods(['POST'])
             ;
         };
 
