Issue
Method Not Allowed (GET): /users/logout/
Method Not Allowed: /users/logout/
[10/Dec/2023 12:46:21] "GET /users/logout/ HTTP/1.1" 405 0
This is happening when I went to url http://127.0.0.1:8000/users/logout/
urls.py:
from django.contrib.auth import views as auth_views
urlpatterns = [
...other urls...
path('users/logout/', auth_views.LogoutView.as_view(), name='logout'),
]
I am expecting user to logout
Solution
Since django-5, you need to do this through a POST request, since it has side-effects. The fact that it worked with a GET request was (likely) a violation of the HTTP protocol: it made it possible for certain scripts to log out users, without the user wanting to. So a POST request also protects against cross-site request forgery (CSRF) [wiki].
So in the template, work with a mini-form:
<form method="post" action="{% url 'logout' %}">
{% csrf_token %}
<button type="submit">logout</button>
</form>
Answered By - willeM_ Van Onsem
0 comments:
Post a Comment
Note: Only a member of this blog may post a comment.