CODEWITHSUNDEEP
ruby-on-railsauthenticationdevise
sonobenissimo
sonobenissimo

Reputation: 301

Devise No route matches [GET] "/users/sign_out" from link with delete specified

So I looked around for a solution to this issue and most seem to say the same thing which hasn't done much to solve my problem. I've specified the delete method in the link but the routing error is saying it was a GET request. Any ideas why the link below would wind up making a overriding/ignoring the method declaration?

<%= link_to "sign out", destroy_user_session_path, :method => :delete %>

Routes

  devise_for :users do
    get 'logout' => 'sessions#destroy', :as => :destroy_user_session
    get 'login' => 'devise/sessions#new'
  end

Upvotes: 4

Views: 3448

Answers (6)

Gabriel Gu&#233;rin
Gabriel Gu&#233;rin

Reputation: 468

In my case, using button_to instead of link_to solved my problem:

<%= button_to "Log out", destroy_user_session_path, method: 'delete' %>

This answer helped me.

Upvotes: 0

Amrit Dhungana
Amrit Dhungana

Reputation: 4485

Check whether you have include jquery and jquery_ujs

<%= javascript_include_tag "jquery", "jquery_ujs" %>

If not include it. It is solve this problem.

Upvotes: 0

thatdankent
thatdankent

Reputation: 950

What I did was change:

get 'logout' => 'sessions#destroy', :as => :destroy_user_session

to

delete 'logout' => 'sessions#destroy', :as => :destroy_user_session

and changed:

destroy_user_session_path

to

destroy_user_session_url

and I commented out:

config.sign_out_via = :get

in config/initializers/devise.rb because the default is :delete (which is conventional and secure).

Happy coding!

Upvotes: 1

Chris Chattin
Chris Chattin

Reputation: 482

Don't use GET to destroy a session because it opens you up to CSFR, which isn't that big deal of a deal in this case - but still not a good thing to do). And, it doesn't follow REST conventions.

If you're using SSL for Devise routes, what's happening is when you try to sign out from an 'http' url, it's sending a DELETE request properly but then redirecting to the 'https' version via GET.

Fix this by adding (protocol: 'https') to the sign out url like so:

= link_to "Logout", destroy_user_session_url(protocol: 'https'), method: :delete

Note: it's important to use 'url' instead of 'path'.

Hope that helps.

Upvotes: 2

Adam Jonas
Adam Jonas

Reputation: 174

In your config/initializers/devise.rb change the default HTTP method used to sign out a resource to :get. The default is :delete.

config.sign_out_via = :get

Upvotes: 5

Armando
Armando

Reputation: 940

I think it's because you use 'get' instead a 'delete' in the declaration of route. Try change 'get' by 'delete' in 'logout' route:

  devise_for :users do
    delete 'logout' => 'sessions#destroy', :as => :destroy_user_session
    get 'login' => 'devise/sessions#new'
  end

Upvotes: 0

Related Questions