diff --git a/dj_rest_auth/views.py b/dj_rest_auth/views.py
index 9cd525a7..a80cd9a2 100644
--- a/dj_rest_auth/views.py
+++ b/dj_rest_auth/views.py
@@ -178,11 +178,21 @@ def logout(self, request):
 if 'rest_framework_simplejwt.token_blacklist' in settings.INSTALLED_APPS:
 # add refresh token to blacklist
 try:
- token = RefreshToken(request.data['refresh'])
+ token: RefreshToken = RefreshToken(None)
+ if api_settings.JWT_AUTH_HTTPONLY:
+ try:
+ token = RefreshToken(request.COOKIES[api_settings.JWT_AUTH_REFRESH_COOKIE])
+ except KeyError:
+ response.data = {'detail': _('Refresh token was not included in cookie data.')}
+ response.status_code =status.HTTP_401_UNAUTHORIZED
+ else:
+ try:
+ token = RefreshToken(request.data['refresh'])
+ except KeyError:
+ response.data = {'detail': _('Refresh token was not included in request data.')}
+ response.status_code =status.HTTP_401_UNAUTHORIZED
+
 token.blacklist()
- except KeyError:
- response.data = {'detail': _('Refresh token was not included in request data.')}
- response.status_code =status.HTTP_401_UNAUTHORIZED
 except (TokenError, AttributeError, TypeError) as error:
 if hasattr(error, 'args'):
 if 'Token is blacklisted' in error.args or 'Token is invalid or expired' in error.args:
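Review bot: Both new `except KeyError` handlers set the 401 response but nothing stops execution, so the `token.blacklist()` context line still runs on the placeholder `token: RefreshToken = RefreshToken(None)`. If `RefreshToken(None)` behaves like simplejwt's `Token.__init__` with no token string, it mints a fresh token instead of raising, and `blacklist()` would then persist outstanding/blacklist rows for a token that was never issued — on a logout endpoint any request missing the refresh token could write a row per call, which is worth confirming against the installed simplejwt version. The placeholder also hides the old behaviour where a missing key skipped blacklisting entirely. The smallest fix is to leave the handler after recording the error: add `return response` as the last line of each `except KeyError:` block (assuming `logout` returns `response` after this block, which is outside the hunk), or initialise `token = None` and guard with `if token is not None: token.blacklist()`. The enclosing `logout` method starts before and continues past this hunk, and `response` is defined outside it.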