Thank you for your reply.
I do not agree that it ideally should be a DELETE request. DELETE
should only be used when you're actually deleting the resource
specified by the URI. And since it does not make sense to say, that we
are deleting the users/sign_out resource, I think DELETE should not be
used. POST would be more appropriate.
Have a look at the description of DELETE here:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html
That being said, I agree that it is wrong to require javascript to
logout. I can now understand why you chose GET.
Most of my sites rely heavily on javascript (you cannot use them
without it enabled), and for these sites I'd personally prefer if I
could somehow customize Devise to make sign out a POST request. I'd
then setup the logout link using a technique like the ones I've
described here:
http://rrn.dk/unobtrusive-javascript-in-rails-using-prototype
For example: <a href="/users/sign_out" class="post">Logout</a>
If you feel this is too much of a "special case" to include it in
Devise, I can understand that.
Ideally, I'd rather write something like <a href="/users/sign_out"
method="post">Logout</a> (without the use of javascript at all), but I
think we'll have to wait a little while before browsers allow us to do
that ;-)
Regards,
Rasmus