ricardos
Reputation: 71
How to disable GET Logout in Yesod?
Is it possible to get rid of GET /auth/logout = getLogoutR? or change its behavior? similar to the loginHandler in the YesodAuth
Basically, I want to prevent somebody to send a link to naive users that will logout them.
Upvotes: 2
Views: 107
Answers (1)
Sibi
Reputation: 48756
One thing (not tested) which will likely work is adding a definition for it in the Yesod instance. Something like this:
instance Yesod App where
isAuthorized (AuthR LogoutR) False = return $ Unauthorized "must be admin"
The False is to make sure that it will only operate on GET request.
Upvotes: 4
Related Questions
- Yesod.Auth no authentication and no authorization
- How can I run code upon session death with Yesod?
- NoLoggingT does not disable logging in Persistent
- Can't configure Yesod correctly for API
- Prevent Yesod from generating client_session_key.aes file
- How to disable sessions in Yesod for a specific set of urls or a subsite?
- Yesod Sessionless Authentication
- Yesod 1.2 Authorization
- Yesod: Could not access LoginR in another Handler
- Multiple Auth in Yesod?