From 3f09f8027438b64289abfa28f9bc8eba6deebba2 Mon Sep 17 00:00:00 2001
From: Chris Adams <chris@productscience.co.uk>
Date: Mon, 6 May 2024 16:54:46 +0200
Subject: [PATCH] Update logout to be a POST

Django needs logout to be a POST now, so we need
CSRF tokens
---
 apps/accounts/templates/base.html | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/apps/accounts/templates/base.html b/apps/accounts/templates/base.html
index 6fd3e4ca..e2c0bba3 100644
--- a/apps/accounts/templates/base.html
+++ b/apps/accounts/templates/base.html
@@ -70,7 +70,12 @@
                             {% if request.user.is_authenticated %}
                                 <span>Hello {{ request.user.username }}</span>
                                 <span role="img" aria-label="waving hand">👋</span>
-                                <span class="pl-3"><a href="{% url 'logout' %}">Log out</a></span>
+                                <form class="inline" method="POST" action="{% url 'logout' %}">
+                                {% csrf_token %}
+                                <span class="pl-3">
+                                    <button> Log out</button>
+                                </span>
+                                </form>
                             {% else %}
                                 <a href="{% url 'login' %}">Log in</a>
                             {% endif %}