From af7fbea8545ae9b0d63489b76975d2995a862348 Mon Sep 17 00:00:00 2001
From: Lila Yasin <lyasin@redhat.com>
Date: Wed, 4 Mar 2026 14:05:32 -0500
Subject: [PATCH] Fix LoggedLogoutView for Django 5.2 GET removal (#16317)

Django 5.2 restricts LogoutView to POST only (deprecated in 4.1,
  removed in 5.0+). Without this fix, GET requests to /api/logout/
  return 405 Method Not Allowed.

  Add http_method_names override and a get() method that delegates
  to post() where auth_logout() actually runs
---
 awx/api/generics.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/awx/api/generics.py b/awx/api/generics.py
index 4efc54b9a1..03289db5a5 100644
--- a/awx/api/generics.py
+++ b/awx/api/generics.py
@@ -131,8 +131,14 @@ class LoggedLoginView(auth_views.LoginView):
 
 
 class LoggedLogoutView(auth_views.LogoutView):
+    # Override http_method_names to allow GET requests (Django 5.2+ defaults to POST only)
+    http_method_names = ["get", "post", "options"]
     success_url_allowed_hosts = set(settings.LOGOUT_ALLOWED_HOSTS.split(",")) if settings.LOGOUT_ALLOWED_HOSTS else set()
 
+    def get(self, request, *args, **kwargs):
+        """Handle GET requests for logout (for backward compatibility)."""
+        return self.post(request, *args, **kwargs)
+
     def dispatch(self, request, *args, **kwargs):
         if is_proxied_request():
             # 1) We intentionally don't obey ?next= here, just always redirect to platform login