Fixed #33648 -- Prevented extra redirect in LogoutView on invalid next page when LOGOUT_REDIRECT_URL is set.

django/contrib/auth/views.py

@@ -175,7 +175,10 @@ class LogoutView(SuccessURLAllowedHostsMixin, TemplateView):
             # Security check -- Ensure the user-originating redirection URL is
             # safe.
             if not url_is_safe:
-                next_page = self.request.path
+                if settings.LOGOUT_REDIRECT_URL:
+                    next_page = resolve_url(settings.LOGOUT_REDIRECT_URL)
+                else:
+                    next_page = self.request.path
         return next_page
 
     def get_context_data(self, **kwargs):

tests/auth_tests/test_views.py

@@ -1335,6 +1335,12 @@ class LogoutTest(AuthViewsTestCase):
         response = self.client.post("/logout/")
         self.assertRedirects(response, "/custom/", fetch_redirect_response=False)
 
+    @override_settings(LOGOUT_REDIRECT_URL="/custom/")
+    def test_logout_redirect_url_setting_allowed_hosts_unsafe_host(self):
+        self.login()
+        response = self.client.post("/logout/allowed_hosts/?next=https://evil/")
+        self.assertRedirects(response, "/custom/", fetch_redirect_response=False)
+
     @override_settings(LOGOUT_REDIRECT_URL="logout")
     def test_logout_redirect_url_named_setting(self):
         self.login()