Don't redirect to POST request URLs after sign out

Sometimes we define URLs for POST requests which are not defined for GET
requests, such as "/residence", so redirecting to it after signing out
results in a routing error.

So instead of using the request referer, we're using the stored location
devise uses, and we're not storing locations in POST requests.

app/controllers/application_controller.rb

@@ -107,7 +107,7 @@ class ApplicationController < ActionController::Base
     end
 
     def set_return_url
-      if !devise_controller? && is_navigational_format?
+      if request.get? && !devise_controller? && is_navigational_format?
         store_location_for(:user, request.fullpath)
       end
     end

app/controllers/users/sessions_controller.rb

@@ -1,4 +1,9 @@
 class Users::SessionsController < Devise::SessionsController
+  def destroy
+    @stored_location = stored_location_for(:user)
+    super
+  end
+
   private
 
     def after_sign_in_path_for(resource)
@@ -10,7 +15,7 @@ class Users::SessionsController < Devise::SessionsController
     end
 
     def after_sign_out_path_for(resource)
-      request.referer.present? && !request.referer.match("management") ? request.referer : super
+      @stored_location.present? && !@stored_location.match("management") ? @stored_location : super
     end
 
     def verifying_via_email?

spec/system/sessions_spec.rb

@@ -45,4 +45,19 @@ describe "Sessions" do
 
     expect(page).to have_current_path "/"
   end
+
+  scenario "Sign out does not redirect to POST requests URLs" do
+    login_as(create(:user))
+
+    visit account_path
+    click_link "Verify my account"
+    click_button "Verify residence"
+
+    expect(page).to have_content(/errors prevented the verification of your residence/)
+
+    click_link "Sign out"
+
+    expect(page).to have_content "You must sign in or register to continue."
+    expect(page).to have_current_path new_user_session_path
+  end
 end