Fixed #15619 -- Deprecated log out via GET requests.

Thanks Florian Apolloner for the implementation idea. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
author: René Fleschenberg <rene@fleschenberg.net> 2020-02-27 17:55:29 +0100
committer: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2022-03-29 06:42:14 +0200
commit: eb07b5be0ce7c51938ed9b00bae04ebe9a75110c (patch)
tree: e008cfd801e4f003b52b54a2df5e59670077eee5 /docs/releases/4.1.txt
parent: d4bf3b4c75c0e1229062ad4c937725931f699fb7 (diff)
1 files changed, 30 insertions, 0 deletions
diff --git a/docs/releases/4.1.txt b/docs/releases/4.1.txt
index 39dd2faba9..c7159bd4f2 100644
--- a/docs/releases/4.1.txt
+++ b/docs/releases/4.1.txt
@@ -446,6 +446,36 @@ Miscellaneous
 Features deprecated in 4.1
 ==========================
 
+Log out via GET
+---------------
+
+Logging out via ``GET`` requests to the :py:class:`built-in logout view
+<django.contrib.auth.views.LogoutView>` is deprecated. Use ``POST`` requests
+instead.
+
+If you want to retain the user experience of an HTML link, you can use a form
+that is styled to appear as a link:
+
+.. code-block:: html
+
+  <form id="logout-form" method="post" action="{% url 'admin:logout' %}">
+    {% csrf_token %}
+    <button type="submit">{% translate "Log out" %}</button>
+  </form>
+
+.. code-block:: css
+
+  #logout-form {
+    display: inline;
+  }
+  #logout-form button {
+    background: none;
+    border: none;
+    cursor: pointer;
+    padding: 0;
+    text-decoration: underline;
+  }
+
 Miscellaneous
 -------------
author	René Fleschenberg <rene@fleschenberg.net>	2020-02-27 17:55:29 +0100
committer	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2022-03-29 06:42:14 +0200
commit	eb07b5be0ce7c51938ed9b00bae04ebe9a75110c (patch)
tree	e008cfd801e4f003b52b54a2df5e59670077eee5 /docs/releases/4.1.txt
parent	d4bf3b4c75c0e1229062ad4c937725931f699fb7 (diff)