fix-logout

common/templates/_header.html

@@ -103,7 +103,7 @@
                 <a href="{% url 'users:info' %}">{% trans 'Account' %}</a>
               </li>
               <li>
-                <a href="{% url 'users:logout' %}">{% trans 'Logout' %}</a>
+                <a href="#" onclick="$('#logout').submit()">{% trans 'Logout' %}</a>
               </li>
               {% if request.user.is_superuser %}
                 <li>
@@ -149,3 +149,6 @@ _search_cat_change();
     {% endfor %}
   </ul>
 {% endif %}
+<form id="logout" action="{% url 'users:logout' %}" method="post">
+  {% csrf_token %}
+</form>

users/templates/users/welcome.html

@@ -24,10 +24,9 @@
               {{ site_name }} is flourishing because of collaborations and contributions from users like you. Please read our <a href="/pages/rules">rules</a>, and feel free to <a href="{{ support_link }}">contact us</a> if you have any question or feedback.
         {% endblocktrans %}
         </p>
-        <form action="{{ request.session.next_url | default:'/' }}" method="post">
-          {% csrf_token %}
-          <input type="submit" value="{% trans 'Accept' %}">
-        </form>
+        <input type="submit"
+               value="{% trans 'Accept' %}"
+               onclick="location='{{ request.session.next_url | default:'/' }}'">
       </article>
     </div>
   </body>

users/views/account.py

@@ -51,6 +51,7 @@ def login(request):
     )
 
 
+@require_http_methods(["POST"])
 @login_required
 def logout(request):
     return auth_logout(request)
@@ -216,7 +217,7 @@ def logout_takahe(response: HttpResponse):
 
 def auth_logout(request):
     auth.logout(request)
-    return logout_takahe(redirect("/"))
+    return logout_takahe(redirect(request.GET.get("next", "/")))
 
 
 def initiate_user_deletion(user):