Skip to content

Fix logout logic to use POST (Django 4.1+) #185

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Fix logout logic to use POST (Django 4.1+) #185

wants to merge 1 commit into from

Conversation

07SUJITH
Copy link
Contributor

@07SUJITH 07SUJITH commented Jun 8, 2025

Issue: Logout via GET is no longer allowed from Django 4.1 onwards.
🔗 Ref: Django 4.1 Release Notes – logout via GET

Fix: Updated logout links in all language versions of the tutorial to use a POST form.

Before

<a href="{% url 'logout' %}">Log out</a>

After

<form method="POST" action="{% url 'logout' %}" style="display:inline;">
  {% csrf_token %}
  <button type="submit" style="padding:0; border:none; background:none; color:#337ab7; text-decoration:underline; cursor:pointer;">
    Log out
  </button>
</form>

Updated Files

  • en/authentication_authorization/README.md
  • es/authentication_authorization/README.md
  • fa/authentication_authorization/README.md
  • ja/authentication_authorization/README.md
  • co/authentication_authorization/README.md

Ensures compatibility with Django 4.1+ and maintains secure logout practice.

Fixes: #183

@07SUJITH
fix: update logout logic to use POST method in all language READMEs (…
ad08d14 
…Django 4.1+)

Replaced logout <a> link with a POST form to comply with Django 4.1+ security policy,
which disallows logout via GET request.

Modified Files:
- tutorial-extensions/en/authentication_authorization/README.md
- tutorial-extensions/es/authentication_authorization/README.md
- tutorial-extensions/fa/authentication_authorization/README.md
- tutorial-extensions/ja/authentication_authorization/README.md
- tutorial-extensions/co/authentication_authorization/README.md

Fixes DjangoGirls#183
@07SUJITH
Copy link
Contributor Author

Hi @das-g,

Could you please review the PR addressing the logout via POST issue for Django 4.1+ (Fixes #183)? This update aligns with the main tutorial's Django~=5.1.2 version, ensuring compatibility by disabling logout via GET.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@07SUJITH