Update logout to be a POST

Django needs logout to be a POST now, so we need CSRF tokens
thegreenwebfoundation · May 6, 2024 · 3f09f80 · 3f09f80
1 parent 0cf0a8b
commit 3f09f80
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/apps/accounts/templates/base.html b/apps/accounts/templates/base.html
@@ -70,7 +70,12 @@
                             {% if request.user.is_authenticated %}
                                 <span>Hello {{ request.user.username }}</span>
                                 <span role="img" aria-label="waving hand">👋</span>
-                                <span class="pl-3"><a href="{% url 'logout' %}">Log out</a></span>
+                                <form class="inline" method="POST" action="{% url 'logout' %}">
+                                {% csrf_token %}
+                                <span class="pl-3">
+                                    <button> Log out</button>
+                                </span>
+                                </form>
                             {% else %}
                                 <a href="{% url 'login' %}">Log in</a>
                             {% endif %}