Nice spot.
However, this fix won't work. Putting a csrf token on every page is incompatible with the caching system we have in place.
One way to fix it would be to just allow logout GET again (I think this got broken on a django upgrade where it wasn't tested). But maybe the better way to fix it would be to have the logout link go to a page with a POST form on it, and have that form do what the GET link does now. I assume the GET is blocked because otherwise someone could trick a user, or redirect them, to the logout URL and they get logged out. I'm not sure how realistic or how big of a problem that is, but getting rid of it would not hurt...
Would you be interested in working on a patch for that as well?
//Magnus
Hi Daniel,
Thanks for confirming. I took a look at the repo and have a fix that works locally. Please see the attached patch.
Jack
On Thu, Mar 19, 2026, at 6:21 PM, Daniel Gustafsson wrote:
> I seem unable to log out of
postgresql.org. I have tried in multiple browsers and have received the same error each time.
I can reproduce that as well.
--
Daniel Gustafsson
