Method Not Allowed (GET): /admin/logout/ #536
Comments
8bitaby
added a commit
to 8bitaby/django-jazzmin
that referenced
this issue
Mar 5, 2024
Update logout function in base.html This commit updates the logout functionality in the base template (`base.html`) to improve security and adhere to best practices. The previous implementation used a simple link for logout, which could be susceptible to cross-site request forgery (CSRF) attacks. The updated code replaces the logout link with a form submission method, utilizing the POST request with CSRF protection. This approach enhances the security of the logout functionality by ensuring that requests to the logout URL are only accepted from authorized sources, preventing potential unauthorized access or malicious actions. Additionally, the use of a form submission method allows for better compatibility with server-side processing and future scalability. The form includes a CSRF token to mitigate CSRF attacks, providing an additional layer of security. By making this change, we are prioritizing security and robustness in our application's authentication mechanisms, aligning with industry best practices and ensuring a safer user experience. This commit addresses issue farridav#536 and implements the recommended solution. Tested locally to ensure proper functionality.
|
the view: the modified line of base.html: |
jamesgilmorelyst
added
bug
|
@jamesgilmorelyst When will this be sorted? I have just installed the new version but still it aint wworking as working expected. Throwing the same error |
|
|
|
i am also getting the same error Method Not Allowed: /admin/logout/ |
|
Apologies for the delay, but we've release the fix to resolve the logout issue now: If you are still supporting an older version of Python (<3.8) or Django (<4) then we also have release a fix for this version as well: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
While logging out the admin, rather than performing a POST the template performs a GET operation which raises an error saying:
Method Not Allowed (GET): /admin/logout/
Method Not Allowed: /admin/logout/
GET /admin/logout/ HTTP/1.1" 405 0
Issue is in /jazzmin/templates/admin/base.html --- and search for logout then,
change this
<a href="{% url 'admin:logout' %}" class="dropdown-item"><i class="fas fa-users mr-2"></i> {% trans 'Log out' %}</a>to this
<form action="{% url 'admin:logout' %}" method="post">{% csrf_token %}<button type="submit" class="dropdown-item"><i class="fas fa-users mr-2"></i> {% trans 'Log out' %}</button></form>The text was updated successfully, but these errors were encountered: