"Django administration > Logout user" leads to a 405 error (Method Not Allowed (GET): /en/admin/logout/)

[erkesado]

Summary

If I go to http://localhost:8000/en/admin/cms/pagecontent/ and then click Django administration > Logout user, a 405 error is raised, and "Method Not Allowed (GET): /en/admin/logout/" is printed on the console.

But if I go to the preview mode of a page (e.g. http://localhost:8000/en/admin/cms/placeholder/object/10/preview/4/), Django administration link is replaced by example.com and then example.com > Logout user works like a charm.

Expected behavior

Django administration > Logout user should work normally like example.com > Logout user.

Actual behavior

Django administration > Logout user raises a 405 error.

Environment

• Python version: 3.11.7
• Django version: 5.0.1
• django CMS version: 4.1.0

[fsbraun]

@erkesado Great catch! Since Django 5 the logout view only accepts post requests. This is an issue with djangocms-admin-style. I'll transfer it.

[fsbraun]

@erkesado Can I interest you in contributing a patch?

It's these lines which create a link to Django's logout view which upon clicking creates an HTML GET request to the view: https://github.com/django-cms/djangocms-admin-style/blob/1428c0d0bfb0cc22ca704982dbcabf931b997b0f/djangocms_admin_style/templates/admin/inc/branding.html#L26-L30

Since Django 5, only POST requests are accepted (before also GET). Without Javascript you'll get a POST request if you turn that <a> tag into a small form:

<form method="POST" action="{% url 'admin:logout' %}"> 
    {% csrf_token %}
    <button type="submit">{% trans 'Log out' %} {% firstof user.get_short_name user.get_username %}</button>
</form>

Since that form should look like a menu entry, the sass files need an addition to render a <form>-<button> combination exactly like a <a> link. The form element should not be visible at all (no margins, paddings, etc.), the button should be styled like a link.

What do you think?

[erkesado]

@fsbraun Great. I'm taking this issue.