#15619: Logout link should be a form
----------------------------------+---------------------------
 Reporter:  void                  |         Owner:  nobody
   Status:  new                   |     Milestone:
Component:  django.contrib.admin  |       Version:  SVN
 Keywords:                        |  Triage Stage:  Unreviewed
Has patch:  0                     |
----------------------------------+---------------------------
 There is a logout link in the admin app. It is a link, not a form. Therefore it
 is not CSRF-protected.
 Probably it is not so important to protect logout from a CSRF attack,
 because this fact cannot be used to do anything harmful. So this is just a
 request for purity.
 Another reason is that a GET request should never change the internal state of
 the system.

-- 
Ticket URL: <http://code.djangoproject.com/ticket/15619>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
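
The difference the ticket describes, as an added example that is not part of the original ticket or of Django's code: a standard-library Python model of a link-style logout handler beside a form-style one that only accepts a POST carrying the session's CSRF token. The in-memory session store and the function names are assumptions made for this illustration; `csrfmiddlewaretoken` is the form field name Django uses for its CSRF token.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> user and CSRF token.
SESSIONS = {}

def login(user):
    """Create a session and return its id (the value the cookie would carry)."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_hex(16)}
    return sid

def logout_link(method, sid, form):
    """Link-style logout: any request that carries the cookie ends the session."""
    SESSIONS.pop(sid, None)
    return 200

def logout_form(method, sid, form):
    """Form-style logout: only a POST with the session's token changes state."""
    if method != "POST":
        return 405  # GET stays free of side effects
    session = SESSIONS.get(sid)
    if session is None:
        return 403
    sent = form.get("csrfmiddlewaretoken", "")
    if not hmac.compare_digest(sent, session["csrf"]):
        return 403  # cookie present, but the sender did not know the token
    del SESSIONS[sid]
    return 200

def run_scenario(handler):
    """Return (cross-site status, session survived, own-form status, logged in at end)."""
    sid = login("alice")
    # Constructed cross-site request: the cookie is attached, no token is available.
    cross = handler("GET", sid, {})
    survived = sid in SESSIONS
    own = None
    if survived:
        # The site's own form includes the token rendered into the page.
        own = handler("POST", sid, {"csrfmiddlewaretoken": SESSIONS[sid]["csrf"]})
    return cross, survived, own, sid in SESSIONS

if __name__ == "__main__":
    print("link:", run_scenario(logout_link))
    print("form:", run_scenario(logout_form))
```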
