yarwelp
commented
9 years ago We could of course provide our own logout view, e.g. wrapping the Django logout view, which would ensure that the request was POST and not GET and show a warning with a submit form to log out but I think this is something that should be fixed in Django itself.
Currently the way of doing logout with Django is with GET.
https://code.djangoproject.com/ticket/15619