Looking at the code of the LogoutView, I am surprised that when USE_JWT is true and JWT_AUTH_HTTPONLY is false, the code only searches for the refresh_token in the request data without also checking the cookies.
What do you think?