It's a bug in the python-dev instance. It uses a GET on retire, yet the CSRF protection requires it to be a POST. Most likely, the instance needs to be updated to match the template.