So I looked around for a solution to this issue and most seem to say the same thing which hasn't done much to solve my problem. I've specified the delete method in the link but the routing error is saying it was a GET request. Any ideas why the link below would wind up making a overriding/ignoring the method declaration?
<%= link_to "sign out", destroy_user_session_path, :method => :delete %>
Routes
devise_for :users do
get 'logout' => 'sessions#destroy', :as => :destroy_user_session
get 'login' => 'devise/sessions#new'
end
Don't use GET to destroy a session because it opens you up to CSFR, which isn't that big deal of a deal in this case - but still not a good thing to do). And, it doesn't follow REST conventions.
If you're using SSL for Devise routes, what's happening is when you try to sign out from an 'http' url, it's sending a DELETE request properly but then redirecting to the 'https' version via GET.
Fix this by adding (protocol: 'https') to the sign out url like so:
= link_to "Logout", destroy_user_session_url(protocol: 'https'), method: :delete
Note: it's important to use 'url' instead of 'path'.
Hope that helps.