"Django administration > Logout user" leads to a 405 error (Method Not Allowed (GET): /en/admin/logout/)
erkesado opened this issue · comments
Summary
If I go to http://localhost:8000/en/admin/cms/pagecontent/ and then click Django administration > Logout user, a 405 error is raised, and "Method Not Allowed (GET): /en/admin/logout/" is printed on the console.
But if I go to the preview mode of a page (e.g. http://localhost:8000/en/admin/cms/placeholder/object/10/preview/4/), Django administration link is replaced by example.com and then example.com > Logout user works like a charm.
Expected behavior
Django administration > Logout user should work normally like example.com > Logout user.
Actual behavior
Django administration > Logout user raises a 405 error.
Environment
- Python version: 3.11.7
- Django version: 5.0.1
- django CMS version: 4.1.0
@erkesado Great catch! Since Django 5 the logout view only accepts post requests. This is an issue with djangocms-admin-style. I'll transfer it.
@erkesado Can I interest you in contributing a patch?
It's these lines which create a link to Django's logout view which upon clicking creates an HTML GET request to the view:
Since Django 5, only POST requests are accepted (before also GET). Without Javascript you'll get a POST request if you turn that <a> tag into a small form:
<form method="POST" action="{% url 'admin:logout' %}">
{% csrf_token %}
<button type="submit">{% trans 'Log out' %} {% firstof user.get_short_name user.get_username %}</button>
</form>
Since that form should look like a menu entry, the sass files need an addition to render a <form>-<button> combination exactly like a <a> link. The form element should not be visible at all (no margins, paddings, etc.), the button should be styled like a link.
What do you think?
@fsbraun Great. I'm taking this issue.