id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
15619	Logout link should be protected	Alexey Boriskin	René Fleschenberg	"There is a logout link in admin app. It is link, not a form. Therefore it is not CSRF-protected.
Probably it is not so important to protect logout from CSRF attack, because this fact cannot be used to do anything harmful. So this is just a request for purity.
Another reason is that GET request should never change invernal state of the system."	Cleanup/optimization	closed	contrib.auth	dev	Normal	fixed		vlastimil.zima@… raymond.penners@… csrf.django@… eromijn@… unai@… vlastimil@… Gwildor Sok	Ready for checkin	1	0	0	0	0	0