diff --git a/lib/gitlab/middleware/read_only.rb b/lib/gitlab/middleware/read_only.rb index 8853dfa3d2d..5e4932e4e57 100644 --- a/lib/gitlab/middleware/read_only.rb +++ b/lib/gitlab/middleware/read_only.rb @@ -66,11 +66,7 @@ module Gitlab end def whitelisted_routes - logout_route || grack_route || @whitelisted.any? { |path| request.path.include?(path) } || lfs_route || sidekiq_route - end - - def logout_route - route_hash[:controller] == 'sessions' && route_hash[:action] == 'destroy' + grack_route || @whitelisted.any? { |path| request.path.include?(path) } || lfs_route || sidekiq_route end def sidekiq_route diff --git a/spec/lib/gitlab/middleware/read_only_spec.rb b/spec/lib/gitlab/middleware/read_only_spec.rb index 86be06ff595..b14735943a5 100644 --- a/spec/lib/gitlab/middleware/read_only_spec.rb +++ b/spec/lib/gitlab/middleware/read_only_spec.rb @@ -91,13 +91,6 @@ describe Gitlab::Middleware::ReadOnly do end context 'whitelisted requests' do - it 'expects DELETE request to logout to be allowed' do - response = request.delete('/users/sign_out') - - expect(response).not_to be_a_redirect - expect(subject).not_to disallow_request - end - it 'expects a POST internal request to be allowed' do response = request.post("/api/#{API::API.version}/internal") diff --git a/spec/routing/routing_spec.rb b/spec/routing/routing_spec.rb index 609481603af..17cea6f238b 100644 --- a/spec/routing/routing_spec.rb +++ b/spec/routing/routing_spec.rb @@ -257,8 +257,10 @@ describe "Authentication", "routing" do expect(post("/users/sign_in")).to route_to('sessions#create') end - it "DELETE /users/sign_out" do - expect(delete("/users/sign_out")).to route_to('sessions#destroy') + # sign_out with GET instead of DELETE facilitates ad-hoc single-sign-out processes + # (https://gitlab.com/gitlab-org/gitlab-ce/issues/39708) + it "GET /users/sign_out" do + expect(get("/users/sign_out")).to route_to('sessions#destroy') end it "POST /users/password" do