From 14047a2473aa1e09a9e4000f9525e55eb65a206b Mon Sep 17 00:00:00 2001
From: Jack Bonatakis
Date: Tue, 24 Mar 2026 20:10:51 -0400
Subject: [PATCH v2] Fix logout broken by Django 5's removal of GET-based logout

Django 5 no longer allows logout via GET request, which broke the logout link in the site nav. An earlier fix attempted to embed a POST form with a CSRF token directly in the nav, but that approach is incompatible with the site's caching setup as pages with embedded CSRF tokens cannot be shared across users by Varnish. Instead, the logout link remains a plain GET link (no CSRF token on cached pages). The logout view now renders a confirmation page on GET, and only performs the actual logout on POST. The CSRF token lives on that confirmation page alone, which is user-specific and not cached. The view is also marked @never_cache, since Django does not automatically set Cache-Control headers here and Varnish is in front of the application.
---
 pgweb/account/views.py | 6 +++++-
 templates/account/logout.html | 11 +++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 templates/account/logout.html

diff --git a/pgweb/account/views.py b/pgweb/account/views.py
index 4f6cfa78..7a0a30de 100644
--- a/pgweb/account/views.py
+++ b/pgweb/account/views.py
@@ -6,6 +6,7 @@ from django.core.exceptions import PermissionDenied
 from django.shortcuts import get_object_or_404
 from pgweb.util.decorators import login_required, script_sources, frame_sources, content_sources, queryparams
 from django.views.decorators.csrf import csrf_exempt
+from django.views.decorators.cache import never_cache
 from django.utils.encoding import force_bytes
 from django.utils.http import urlsafe_base64_encode
 from django.contrib.auth.tokens import default_token_generator
@@ -406,8 +407,11 @@ def login(request):
     })(request)
 
 
+@never_cache
 def logout(request):
-    return authviews.logout_then_login(request, login_url='/')
+    if request.method == 'POST':
+        return authviews.logout_then_login(request, login_url='/')
+    return render_pgweb(request, 'account', 'account/logout.html', {})
 
 
 def changepwd(request):
diff --git a/templates/account/logout.html b/templates/account/logout.html
new file mode 100644
index 00000000..6b40764e
--- /dev/null
+++ b/templates/account/logout.html
@@ -0,0 +1,11 @@
+{%extends "base/page.html"%}
+{%block title%}Log out{%endblock%}
+{%block contents%}
+
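Review bot: Nothing in the new `logout` view checks whether the requester is actually logged in, so a GET from an anonymous visitor is served the "are you sure" confirmation page (with a fresh CSRF token) instead of being sent home; the context lines show `@never_cache` is the only decorator on `def logout`, so `@login_required` is not in play here. A guard ahead of the render, `if not request.user.is_authenticated: return HttpResponseRedirect('/')`, keeps the confirmation page to authenticated sessions (assuming `HttpResponseRedirect` is already imported in this module, which the hunk does not show). The GET/POST split exists only because of the Varnish constraint explained in the commit message, which a later reader of the view will not see, so a docstring such as `"""Log out on POST only; GET shows a confirmation form that carries the CSRF token, because the cached nav link cannot."""` keeps that rationale with the code. Anonymous POSTs should be harmless since `logout_then_login` delegates to Django's `LogoutView`, and the whole of `logout` is inside this hunk.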

Log out

+

Are you sure you want to log out of your PostgreSQL community account?

+
+ {% csrf_token %} + + Cancel +
+{%endblock%} -- 2.50.1 (Apple Git-155)