readthedocs · humitos · Oct 9, 2019 · Oct 3, 2019 · Oct 3, 2019 · Oct 9, 2019
diff --git a/readthedocs/projects/views/private.py b/readthedocs/projects/views/private.py
@@ -215,9 +215,9 @@ def form_valid(self, form):
 
 class ProjectVersionDeleteHTML(ProjectVersionMixin, GenericModelView):
 
-    http_method_names = ['get', 'post']
+    http_method_names = ['post']
 
-    def get(self, request, *args, **kwargs):
+    def post(self, request, *args, **kwargs):
         version = self.get_object()
         if not version.active:
             version.built = False
@@ -233,9 +233,6 @@ def get(self, request, *args, **kwargs):
             )
         return HttpResponseRedirect(self.get_success_url())
 
-    def post(self, request, *args, **kwargs):
-        return self.get(request, *args, **kwargs)
-
 
 class ImportWizardView(
         ProjectImportMixin, ProjectSpamMixin, PrivateViewMixin,
@@ -640,17 +637,14 @@ def get_context_data(self, **kwargs):
 
 class ProjectTranslationsDelete(ProjectTranslationsMixin, GenericView):
 
-    http_method_names = ['get', 'post']
+    http_method_names = ['post']
 
-    def get(self, request, *args, **kwargs):
+    def post(self, request, *args, **kwargs):
         project = self.get_project()
         translation = self.get_translation(kwargs['child_slug'])
         project.translations.remove(translation)
         return HttpResponseRedirect(self.get_success_url())
 
-    def post(self, request, *args, **kwargs):
-        return self.get(request, *args, **kwargs)
-
     def get_translation(self, slug):
         project = self.get_project()
         translation = get_object_or_404(

diff --git a/readthedocs/templates/projects/project_translations.html b/readthedocs/templates/projects/project_translations.html
@@ -44,7 +44,12 @@ <h3> {% trans "Existing Translations" %} </h3>
                   {{ lang_project.name }} ({{ lang_project.get_language_display }})
                 </a>
                 <ul class="module-item-menu">
-                  <li><a href="{% url "projects_translations_delete" project.slug lang_project.slug  %}">{% trans "Remove" %}</a></li>
+                  <li>
+                    <form method="post" action="{% url "projects_translations_delete" project.slug lang_project.slug %}">
+                      {% csrf_token %}
+                      <input type="submit" value="{% trans 'Remove' %}">
+                    </form>
+                  </li>
                 </ul>
               </li>
             {% empty %}

diff --git a/readthedocs/templates/projects/project_version_detail.html b/readthedocs/templates/projects/project_version_detail.html
@@ -19,11 +19,13 @@ <h2> Editing {{ version.slug }} </h2>
 
     {% if request.user|is_admin:project %}
       {% if not version.active and version.built %}
+        <form name="version_delete_html" method="post" action="{% url "project_version_delete_html" project.slug version.slug %}">
+          {% csrf_token %}
+        </form>
         <p class="empty">
-          {% url "project_version_delete_html" project.slug version.slug as version_delete_url %}
           {% blocktrans trimmed %}
             This version is inactive but its documentation is still available online.
-            You can <a href="{{ version_delete_url }}">delete this version's documentation</a> if you want to remove it completely.
+            You can <a href="#" onclick="document.forms['version_delete_html'].submit();">delete this version's documentation</a> if you want to remove it completely.
           {% endblocktrans %}
         </p>
       {% endif %}