fix: disable login using GET requests for security reasons

This totally bypass protection mechanism like CSRF and you should never do a state modification using a GET request.