Hi Tim, There's an open pull request <https://github.com/django/django/pull/1934>, but it was opened over a year ago and has gone stale. Maybe you'd like to review and update it.
You can use the patch review checklist: https://docs.djangoproject.com/en/dev/internals/contributing/writing-code/submitting-patches/#patch-review-checklist If you are happy with the patch after that, please mark the ticket as "ready for checkin" for a final review from a core developer. Thanks! Tim On Wednesday, December 3, 2014 5:02:42 PM UTC-5, Tim Chase wrote: > > I've had a couple cases where browser link pre-fetching triggered > an unintended logout from my Django app (I haven't fully tracked down > the exact combination of triggering conditions, but I suspect they > similar to Israel Brewster's CherryPy issue mentioned on > comp.lang.python [1]) and was surprised that Django suffered the same > issue. > > Researching, I found https://code.djangoproject.com/ticket/15619 > but see that it was last modified ~10mo ago, having been opened ~4yrs > ago. The current (development HEAD from git) versions of > > django/contrib/auth/views.py:logout() > django/contrib/auth/__init__.py:logout() > > still don't seem to contain any checks to ensure logouts can only > happen via POST rather than GET requests. > > Is there any movement forward on resolving this so my browser > doesn't inconveniently boot me from the app when I don't intend to > log out? > > -tkc > > [1] > https://mail.python.org/pipermail/python-list/2014-December/682106.html > > > > > > > . > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/c888627a-d1da-4755-ad77-055b7837c2e2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
