diff -u b/core/lib/Drupal/Core/Access/RouteProcessorCsrf.php b/core/lib/Drupal/Core/Access/RouteProcessorCsrf.php
--- b/core/lib/Drupal/Core/Access/RouteProcessorCsrf.php
+++ b/core/lib/Drupal/Core/Access/RouteProcessorCsrf.php
@@ -32,7 +32,7 @@
 * {@inheritdoc}
 */
 public function processOutbound($route_name, Route $route, array &$parameters, BubbleableMetadata $bubbleable_metadata = NULL) {
- if ($route->hasRequirement('_csrf_token') || $route->hasRequirement('_csrf_token_optional')) {
+ if ($route->hasRequirement('_csrf_token') || $route->hasRequirement('_csrf_token_or_confirm')) {
 $path = ltrim($route->getPath(), '/');
 // Replace the path parameters with values from the parameters array.
 foreach ($parameters as $param => $value) {
diff -u b/core/modules/user/user.routing.yml b/core/modules/user/user.routing.yml
--- b/core/modules/user/user.routing.yml
+++ b/core/modules/user/user.routing.yml
@@ -12,7 +12,7 @@
 _controller: '\Drupal\user\Controller\UserController::logout'
 requirements:
 _user_is_logged_in: 'TRUE'
- _csrf_token_optional: 'TRUE'
+ _csrf_token_or_confirm: 'TRUE'
 
 user.admin_index:
 path: '/admin/config/people'
diff -u b/core/tests/Drupal/Tests/BrowserTestBase.php b/core/tests/Drupal/Tests/BrowserTestBase.php
--- b/core/tests/Drupal/Tests/BrowserTestBase.php
+++ b/core/tests/Drupal/Tests/BrowserTestBase.php
@@ -797,7 +797,7 @@
 // idea being if you were properly logged out you should be seeing a login
 // screen.
 $assert_session = $this->assertSession();
- $this->drupalPostForm('user/logout', [], 'Log out', ['query' => ['destination' => 'user']]);
+ $this->drupalGet('user/logout', array('query' => array('destination' => 'user')));
 $assert_session->statusCodeEquals(200);
 $assert_session->fieldExists('name');
 $assert_session->fieldExists('pass');
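Review bot: The renamed requirement `_csrf_token_or_confirm` in RouteProcessorCsrf::processOutbound() (and on `user.logout` in user.routing.yml) only protects the route if the access check service is registered for the same key, and that registration is not visible in this interdiff. If the checker is still tagged for `_csrf_token_optional`, the logout route would presumably carry a requirement that nothing enforces, so confirm that the `applies_to` tag and any remaining references were renamed together. If the intended behaviour is that tokenized links skip the confirmation step, the new branch also deserves a comment such as `// Routes with _csrf_token_or_confirm get a token too, so generated links skip the confirmation form.` The body of processOutbound() continues outside the hunk.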
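Review bot: In BrowserTestBase.php at 797 the new side goes back to a plain `drupalGet('user/logout', ...)` with no token, which under `_csrf_token_or_confirm` would presumably stop at the confirmation step, so the `fieldExists('name')` and `fieldExists('pass')` assertions that follow would not see the login form. The hunk at 832 makes the opposite change on identical context, so the pair looks like a line-offset artifact of the interdiff; confirm that the final patch leaves only the `drupalPostForm('user/logout', [], 'Log out', ...)` call. If the GET line does stay, it should keep the short array syntax of the line it replaces, `['query' => ['destination' => 'user']]`. The enclosing method starts and ends outside both hunks.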
@@ -832,7 +832,7 @@
 // idea being if you were properly logged out you should be seeing a login
 // screen.
 $assert_session = $this->assertSession();
- $this->drupalGet('user/logout', array('query' => array('destination' => 'user')));
+ $this->drupalPostForm('user/logout', [], 'Log out', ['query' => ['destination' => 'user']]);
 $assert_session->statusCodeEquals(200);
 $assert_session->fieldExists('name');
 $assert_session->fieldExists('pass');
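Review bot: The logout helper at 832 now exercises only the confirm-form POST, so nothing visible here asserts the two behaviours the new requirement presumably exists to guarantee. Those are that a GET to `user/logout` without a valid token leaves the session intact, and that a GET with a valid token ends it. If the full patch does not already cover them, add a test that does a tokenless `drupalGet('user/logout')` and checks the user is still logged in, plus one that follows the tokenized logout link. The enclosing method is cut at both ends of the hunk.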