On Friday, February 28, 2020 at 5:08:07 PM UTC+1, Maher, Brian wrote: > > Are any current browsers dumb enough to prefetch logout links these days? > I would assume that most prefetch algorithms are smart enough to not > pre-fetch these. >
Not sure what heuristics browsers use. I have also seen the argument floated around that it’s not “correctly > restful” to modify the state (session data) via a GET request. I’d say that > sessions themselves are not restful by nature. > It has nothing do to with restful, logout by GET is not CSRF protected… I just don’t see the benefit, in return for breaking practically every > logout button on every installation of Django around. > Not necessarily, if you GET the logout page an intermediary page can be displayed (though that would need a new template). <img src="some_page/admin/logout"/> is currently a perfectly nice way to perform a logout against your django installation if you are viewing this google group in the same browser ;) -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/a08a0f8b-dd51-48a8-9a62-ef730f90bd35%40googlegroups.com.
