Comments on Following the "sign out" into a new tab results in 404 Not Found
Parent
Following the "sign out" into a new tab results in 404 Not Found
I'm honestly not sure what is going on here.
Once I'm logged in to a Codidact site, if I click "sign out" in the top right corner of each page, I get signed out -- which is exactly what you'd expect.
However, if I follow that link such that it's opened in another tab -- Ctrl+click, middle-click, right-click then "open in new tab" -- what happens is that I get a 404 Not Found error message back.
The URL then shown by the browser looks perfectly sane in that case; https://somethingsomethingoranother.codidact.com/users/sign_out
(which is the same as the link target).
If I go back to the original tab, and simply click the exact same "sign out" there, then I get logged out just fine.
This is with Firefox 68.9 ESR. Thinking that this was somehow related to too-strict privacy controls, I tried setting uMatrix to allow everything globally, but even then I got the same error message.
It's a slight annoyance because I sometimes like to leave posts up for reference, but want to sign out of my account. The standard way to do that for me is to just middle-click "sign out" to sign out in a separate tab, leaving the others untouched; but in this case, that doesn't work, so I have to open a new tab to somewhere on the site, then sign out in that one.
Post
This is [status-bydesign] for security reasons.
The sign out request uses an HTTP DELETE request to avoid an attack called CSRF. Clicking a link, by default, uses a GET request. The library that handles our user authentication works some JS magic to capture your click and send the correct DELETE instead, but middle-click or otherwise opening in a new tab can only ever use a GET request, which won't work.
As a workaround, you can instead open any page in a new tab - middle-click the logo, for example - and then sign out in that tab.
0 comment threads
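The behaviour described in the answer above, as an added example that is not part of the original post and not Codidact's own code: a framework-free Ruby handler in which sign-out is routed for DELETE only, so a GET from a new tab gets 404 and leaves the session intact. The session store, the `X-CSRF-Token` header, the token check and the status codes other than 404 are assumptions made for illustration.

```ruby
require "securerandom"

# Constructed in-memory session store: session id => per-session CSRF token.
SESSIONS = {}

def sign_in
  sid = SecureRandom.hex(16)
  SESSIONS[sid] = SecureRandom.hex(32)
  [sid, SESSIONS[sid]]
end

# Constant-time comparison so the token check does not leak via timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical Rack-style handler: request hash in, [status, body] out.
def handle(env)
  # Sign-out is routed for DELETE only. A plain navigation (middle-click,
  # "open in new tab", or a link/image on another site) is a GET, matches
  # no route, and gets 404 without touching the session.
  unless [env["REQUEST_METHOD"], env["PATH_INFO"]] == ["DELETE", "/users/sign_out"]
    return [404, "Not Found"]
  end

  expected = SESSIONS[env["session_id"]]
  return [401, "Not signed in"] if expected.nil?
  # Assumption: the page's script sends the session's token in a header.
  token = env["HTTP_X_CSRF_TOKEN"].to_s
  return [422, "Invalid CSRF token"] unless secure_compare(token, expected)

  SESSIONS.delete(env["session_id"])
  [200, "Signed out"]
end

# Constructed requests: new-tab GET, DELETE without token, in-page DELETE.
def demo
  sid, token = sign_in
  base = { "PATH_INFO" => "/users/sign_out", "session_id" => sid }
  [
    handle(base.merge("REQUEST_METHOD" => "GET")),
    handle(base.merge("REQUEST_METHOD" => "DELETE")),
    handle(base.merge("REQUEST_METHOD" => "DELETE", "HTTP_X_CSRF_TOKEN" => token))
  ].map(&:first)
end

p demo if __FILE__ == $PROGRAM_NAME # => [404, 422, 200]
```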