How to disable intermediate signout page in Django allauth
Updated for December 2018.
Using a GET request is probably a bad idea due to browsers prefetching urls from the URL bar. Chrome (as of right now) is pretty bad for this; it'll send a GET
request to pages it think you'll hit enter
on when typing in your URL bar.
Plus, people can add a link such as <img src="https://example.com/account/logout/">
and you'll be logged out. That's not a security risk since it's logging you out, but it is certainly annoying for your users.
Instead, you should consider using a POST
request using a form with CSRF. Django Allauth already comes with this. Here's the <form>
from the intermediate signout page:
<form method="post" action="{% url 'account_logout' %}"> {% csrf_token %} {% if redirect_field_value %} <input type="hidden" name="{{ redirect_field_name }}" value="{{ redirect_field_value }}"/> {% endif %} <button class="STYLE_ME" type="submit">Logout</button></form>
In my case, I just added this to the site header and made the submit <button>
look like every other link using CSS so it feels the same to them, but the form will use a POST request.
But if that's not a solution you can implement for any reason, open your settings.py
file (or your main settings file) and set:
ACCOUNT_LOGOUT_ON_GET = True
^ The above setting will do what you need. For further Django Allauth settings, check out their configuration page at https://django-allauth.readthedocs.io/en/latest/configuration.html?highlight=ACCOUNT_LOGOUT_ON_GET
Here's another shortcut for preserving the POST request, if you don't want to mess with styling the form button with something like this:
Hide the form:
<form style='display: none;' method="post" action="{% url 'account_logout' %}"> {% csrf_token %} <input type="hidden" name="next" value="/redirect_target/"/> <button id="signOutBtn" type="submit">Logout</button></form>
Submit with a click event attached to whatever element you've already styled:
$(document).on('click', '#signOutLink', function() { $('#signOutBtn').click()});