I found an example on Stack Overflow on how we could do this in the admin 
without JS (with a bit of styling): https://stackoverflow.com/a/33880971 -- 
I personally would prefer it if we would not need JavaScript for a 
fundamental functionality like this.

On Saturday, February 29, 2020 at 9:26:23 AM UTC+1, Adam Johnson wrote:
>
> Google (=Gmail): GET, but with a security token in the URL
> Facebook: POST
> Instagram: POST
> Twitter: POST
>
> On Sat, 29 Feb 2020 at 08:08, אורי <u...@speedy.net> wrote:
>
>> I'm interested: Google, Gmail, Facebook, Instagram, Twitter: How do they 
>> use logout? POST or GET?
>> אורי
>> u...@speedy.net
>>
>>
>> On Thu, Feb 27, 2020 at 7:10 PM René Fleschenberg <re...@fleschenberg.net> wrote:
>>
>>> Hi everyone,
>>>
>>> there seems to be consensus that logging the client out on GET requests
>>> to the logout view is not great. Clients may try to prefetch links (this
>>> came up on IRC today). Attackers might annoy users by logging them out
>>> with embedded links to the logout URL.
>>>
>>> The reason this was not changed yet is backwards compatibility.
>>>
>>> I'd like to propose deprecating logging out via GET with the usual
>>> deprecation cycle, so that we have the possibility to stop supporting it
>>> in Django 4.0.
>>>
>>> In my opinion, this is a fairly easy change for Django users to make
>>> upon a Django update. Some changes to Django itself will also have to be
>>> made (the admin templates), but I think it should be possible to do
>>> those before the 4.0 release. And even if that doesn't happen, emitting
>>> a DeprecationWarning in 3.1+ wouldn't harm, right?
>>>
>>> What do you think?
>>>
>>> I went ahead and created a PR for this:
>>> https://github.com/django/django/pull/12504
>>>
>>> -- 
>>> René Fleschenberg
>>>
>>> -- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "Django developers  (Contributions to Django itself)" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to django-d...@googlegroups.com.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/django-developers/9baf0189-fc7a-80a0-6543-559c2b2b186a%40fleschenberg.net
>>> .
>>>
>
>
> -- 
> Adam
>

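An added example, not part of the thread and not Django's code: a standard-library WSGI sketch of the behaviour the proposal asks for, where a GET to the logout URL (a prefetch or an embedded link) is refused and only a POST carrying the session's token ends the session. The names `SESSIONS`, `new_session`, `logout_app` and `request` are hypothetical, and the per-session token check is an assumption standing in for a framework's CSRF protection.

```python
# Added example: stdlib-only sketch, not Django code. All names here are
# hypothetical and the session data is constructed for the demonstration.
import hmac
import secrets
from http.cookies import SimpleCookie
from io import BytesIO
from urllib.parse import parse_qs

SESSIONS = {}  # session id -> {"user": ..., "csrf": ...}


def new_session(user):
    """Create a logged-in session with its own anti-forgery token."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(16)}
    return sid


def logout_app(environ, start_response):
    """WSGI logout endpoint: only a POST with the session's token logs out."""
    cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    sid = cookie["sid"].value if "sid" in cookie else None
    session = SESSIONS.get(sid)
    if environ["REQUEST_METHOD"] != "POST":
        # Link prefetchers and embedded links issue GET: refuse, keep session.
        start_response("405 Method Not Allowed", [("Allow", "POST")])
        return [b"logout requires POST"]
    length = int(environ.get("CONTENT_LENGTH") or 0)
    form = parse_qs(environ["wsgi.input"].read(length).decode("latin-1"))
    token = form.get("csrf", [""])[0].encode()
    if session is None or not hmac.compare_digest(token, session["csrf"].encode()):
        # A cross-site auto-submitted form cannot know the per-session token.
        start_response("403 Forbidden", [])
        return [b"bad or missing token"]
    del SESSIONS[sid]
    start_response("303 See Other", [("Location", "/"),
                                     ("Set-Cookie", "sid=; Max-Age=0; Path=/")])
    return [b""]


def request(method, sid, body=b""):
    """Drive logout_app with a constructed WSGI environ; return the status."""
    seen = []
    environ = {"REQUEST_METHOD": method, "HTTP_COOKIE": f"sid={sid}",
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": BytesIO(body)}
    logout_app(environ, lambda status, headers: seen.append(status))
    return seen[0]
```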