Change the HTTP method to GET for the Logout MenuItem

Hi there! I am trying to override the behaviour of the logout menu item in the user dropdown on my admin panel by adding this piece of code:
    ->userMenuItems([
        'logout' => MenuItem::make()
            ->url(fn (): string => route('home'))
            ->label('Leave'),
    ])
I get an error, because Filament still wants to process this as POST. I can fix it by changing the key from "logout" to "leave" but then it obviously doesn't replace the logout menu item... Is it possible to explicitly set the request method somehow?
20 Replies
DrByte 7mo ago
Curious: why do you need it to be a GET? Laravel uses POST in order to prevent accidental logouts by bots randomly hitting the page or by malware in injected/hijacked JavaScript etc.
DrByte 7mo ago
GitHub
filament/packages/panels/resources/views/components/user-menu.blade...
awcodes 7mo ago
What @DrByte said. Logout should never be a GET. It should always be able to verify the logged-in user is actually who is making the request to logout.
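The reason given above for keeping logout a POST, as an added example that is not part of the thread and is not Laravel or Filament source: a plain-PHP model of a logout handler that refuses GET and requires the session's CSRF token before ending the session. The function name handleLogout, the array standing in for the session, and the 204 success status are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

/**
 * Simplified model of a logout endpoint (hypothetical helper, not Laravel or
 * Filament source). $session stands in for server-side session state.
 * Returns [HTTP status, session after the request].
 */
function handleLogout(string $method, array $session, array $form): array
{
    // State-changing action: refuse GET, so a crawler or prefetcher that merely
    // follows a link cannot end the session.
    if (strtoupper($method) !== 'POST') {
        return [405, $session];
    }

    // The form must echo the per-session token; a request forged from another
    // origin cannot read it. hash_equals() compares in constant time.
    $expected = $session['csrf_token'] ?? '';
    $supplied = $form['_token'] ?? '';
    if (!is_string($supplied) || $expected === '' || !hash_equals($expected, $supplied)) {
        return [419, $session]; // status Laravel uses for a CSRF token mismatch
    }

    // Verified: drop the authenticated session state (a real app would redirect).
    return [204, []];
}

// Constructed sample session for the demonstration.
$session = ['user_id' => 42, 'csrf_token' => bin2hex(random_bytes(32))];

$cases = [
    'GET link (crawler, prefetch)' => ['GET', []],
    'POST without token'           => ['POST', []],
    'POST with wrong token'        => ['POST', ['_token' => str_repeat('0', 64)]],
    'POST from the real form'      => ['POST', ['_token' => $session['csrf_token']]],
];

foreach ($cases as $label => [$method, $form]) {
    [$status, $after] = handleLogout($method, $session, $form);
    printf("%-30s -> %d, still logged in: %s\n", $label, $status,
        isset($after['user_id']) ? 'yes' : 'no');
}
```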
Samus_Aran 7mo ago
@DrByte @awcodes I don't want to logout. I want to replace it with a GET URL to have the users leave the admin dashboard and go back to the main site where they can logout. I was able to deactivate the Filament-internal login by removing login() from my panel config, so I am just wondering why I can't fully remove the logout menu item from the user dropdown as well or overwrite it. I tried overwriting it with 'logout' => MenuItem::make()->hidden(true), to just hide it, but this also doesn't seem to work. Filament really wants the logout action to be visible there 😄
DrByte 6mo ago
Right. It's hard-coded. No option to hide/remove it. Just override the URL. But adding your "Leave" menu item to the list will make it appear above Logout. I suppose you might be able to make the Log Out text be blank or almost-blank (can't be null or it'll do a lookup to the language file).
Samus_Aran 6mo ago
I just got the idea of doing it with some hacky CSS that I added to my Filament theme:

    form[action*="administrator/logout"]
    {
        display: none;
    }

This did the trick 😄
DrByte 6mo ago
Haha. Yes, that's about the only remaining sensible option.
awcodes 6mo ago
Absolutely nothing wrong with this. It’s 💯 valid CSS.
DrByte 6mo ago
@awcodes do you think a PR to make the Logout option "removable" would be accepted? (perhaps support the common ->hidden() directive, which would just wrap it in an if conditional inside the component template)
awcodes 6mo ago
I don’t think it would be, because it’s not a common use case. It’s app specific. Personally I would never remove the option for someone to logout from the admin side. I would never force them to leave the admin to logout. Authentication is also not relevant to where they are in the app. They should be able to log out from anywhere, especially since it’s session based at the Laravel level and not the Filament level.
DrByte 6mo ago
Ya, I tend to agree with you there. (Granted, I wish Filament supported guest access to panels, not requiring any login.)
awcodes 6mo ago
It does. There’s a property that allows bypassing authentication on pages. Don’t remember it off the top of my head right now.
DrByte 6mo ago
Thanks, but I was talking about Authentication, not Authorization.
awcodes 6mo ago
Touché.
DrByte 6mo ago
(Apologies: I don't like hijacking threads, so I'm sorry that this has gone there!)
awcodes 6mo ago
I think this particular use case is somewhat tied together though. Which is why it exists. Would have to go back through the PRs/discussion. But want to say it was the underlying point of this feature to allow non-authenticated views.
DrByte 6mo ago
Thanks. I'll peek at git blame and see where it takes me! 😄
Samus_Aran 6mo ago
Yeah, I can also understand why the logout HAS to be there from a design perspective. As one could build a whole application using Filament panels you probably don't want this to be removable from the config...
awcodes 6mo ago
Real question is why does it matter? Why shouldn’t a user be able to log out from the panel or from a non-panel? They should be able to logout from anywhere in the app. It just doesn’t make sense to not be able to log out from the main part of the app that 100% depends on authentication.