Follow

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use
Follow
Facebook Twitter Instagram Youtube
Contact

Django built in Logout view `Method Not Allowed (GET): /users/logout/`

byMR
December 20, 2023
Method Not Allowed (GET): /users/logout/
Method Not Allowed: /users/logout/
[10/Dec/2023 12:46:21] "GET /users/logout/ HTTP/1.1" 405 0

This is happening when I went to url http://127.0.0.1:8000/users/logout/

urls.py:

from django.contrib.auth import views as auth_views

urlpatterns = [
    ...other urls...
    path('users/logout/', auth_views.LogoutView.as_view(), name='logout'),
]

I am expecting user to logout

MEDevel.com: Open-source for Healthcare and Education

Collecting and validating open-source software for healthcare, education, enterprise, development, medical imaging, medical records, and digital pathology.

Visit Medevel

>Solution :

Since , you need to do this through a POST request, since it has side-effects. The fact that it worked with a GET request was (likely) a violation of the HTTP protocol: it made it possible for certain scripts to log out users, without the user wanting to. So a POST request also protects against cross-site request forgery (CSRF) [wiki].

So in the template, work with a mini-form:

<form method="post" action="{% url 'logout' %}">
    {% csrf_token %}
    <button type="submit">logout</button>
</form>
byMR
Published
Add a comment

Leave a Reply

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use

Read more

Discover more from Dev solutions

Subscribe now to keep reading and get access to the full archive.

Continue reading