doude4924 2016-08-05 13:03
浏览 25
已采纳

为什么Laravel默认情况下通过POST注销(而不是GET)? [重复]

This question already has an answer here:

Within the context of a Laravel application, what is the significance of POSTing to perform a logout? Is there some security and/or session particularity that POSTing over just GETing?

The relevant portion from the generated make::auth:

<ul class="dropdown-menu" role="menu">
    <li>
        <a href="{{ url('/logout') }}"
            onclick="event.preventDefault();
                     document.getElementById('logout-form').submit();">
            Logout
        </a>

        <form id="logout-form" action="{{ url('/logout') }}" method="POST" style="display: none;">
            {{ csrf_field() }}
        </form>
    </li>
</ul>
</div>
  • 写回答

1条回答 默认 最新

  • dsvd407787736 2016-08-05 13:08
    关注

    GET requests are supposed to be "safe" and shouldn't have any significant side effects. It shouldn't matter, for example, if a precaching feature of a browser followed the link. That should just get some data.

    Logging the user out would be a significant side effect, so GET would be inappropriate.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?