Allow login as a GET

Atm the login phase via frontend is done as a POST request.

Allow it as a GET means that users can save the vikunja app in the bookmark like:

And it will be logged in without clic for a password stored in the browser or something else.

I don’t think that’s a good idea. These credentials will show up in server logs. A better idea is to either use a password manager or the “stay logged in” functionality.


I don’t understand at all…POST requests can be logged too (but that’s not the default):

The difference is while post request contents might get logged, the URL (contents of the get request) will always be logged.

More reasons: php - For Login GET or POST? - Stack Overflow

1 Like