Merge branch 'feature-change-signout-route' into 'master'

Change Sign Out route from a DELETE to a GET

Closes #39708

See merge request gitlab-org/gitlab-ce!15231

2 files changed, 4 insertions, 9 deletions

diff --git a/spec/lib/gitlab/middleware/read_only_spec.rb b/spec/lib/gitlab/middleware/read_only_spec.rb
index 86be06ff595..b14735943a5 100644
--- a/spec/lib/gitlab/middleware/read_only_spec.rb
+++ b/spec/lib/gitlab/middleware/read_only_spec.rb
@@ -91,13 +91,6 @@ describe Gitlab::Middleware::ReadOnly do
     end
 
     context 'whitelisted requests' do
-      it 'expects DELETE request to logout to be allowed' do
-        response = request.delete('/users/sign_out')
-
-        expect(response).not_to be_a_redirect
-        expect(subject).not_to disallow_request
-      end
-
       it 'expects a POST internal request to be allowed' do
         response = request.post("/api/#{API::API.version}/internal")
 
diff --git a/spec/routing/routing_spec.rb b/spec/routing/routing_spec.rb
index 32aa6e5ad52..91aefa84d0e 100644
--- a/spec/routing/routing_spec.rb
+++ b/spec/routing/routing_spec.rb
@@ -257,8 +257,10 @@ describe "Authentication", "routing" do
     expect(post("/users/sign_in")).to route_to('sessions#create')
   end
 
-  it "DELETE /users/sign_out" do
-    expect(delete("/users/sign_out")).to route_to('sessions#destroy')
+  # sign_out with GET instead of DELETE facilitates ad-hoc single-sign-out processes
+  # (https://gitlab.com/gitlab-org/gitlab-ce/issues/39708)
+  it "GET /users/sign_out" do
+    expect(get("/users/sign_out")).to route_to('sessions#destroy')
   end
 
   it "POST /users/password" do