django1/django/views/defaults.py

from django import http
from django.template import Context, Engine, TemplateDoesNotExist, loader
from django.utils.encoding import force_text
from django.views.decorators.csrf import requires_csrf_token

ERROR_404_TEMPLATE_NAME = '404.html'
ERROR_403_TEMPLATE_NAME = '403.html'
ERROR_400_TEMPLATE_NAME = '400.html'
ERROR_500_TEMPLATE_NAME = '500.html'


# This can be called when CsrfViewMiddleware.process_view has not run,
# therefore need @requires_csrf_token in case the template needs
# {% csrf_token %}.
@requires_csrf_token
def page_not_found(request, exception, template_name=ERROR_404_TEMPLATE_NAME):
    """
    Default 404 handler.

    Templates: :template:`404.html`
    Context:
        request_path
            The path of the requested URL (e.g., '/app/pages/bad_page/')
        exception
            The message from the exception which triggered the 404 (if one was
            supplied), or the exception class name
    """
    exception_repr = exception.__class__.__name__
    # Try to get an "interesting" exception message, if any (and not the ugly
    # Resolver404 dictionary)
    try:
        message = exception.args[0]
    except (AttributeError, IndexError):
        pass
    else:
        if isinstance(message, str):
            exception_repr = message
    context = {
        'request_path': request.path,
        'exception': exception_repr,
    }
    try:
        template = loader.get_template(template_name)
        body = template.render(context, request)
        content_type = None             # Django will use DEFAULT_CONTENT_TYPE
    except TemplateDoesNotExist:
        if template_name != ERROR_404_TEMPLATE_NAME:
            # Reraise if it's a missing custom template.
            raise
        template = Engine().from_string(
            '<h1>Not Found</h1>'
            '<p>The requested URL {{ request_path }} was not found on this server.</p>')
        body = template.render(Context(context))
        content_type = 'text/html'
    return http.HttpResponseNotFound(body, content_type=content_type)


@requires_csrf_token
def server_error(request, template_name=ERROR_500_TEMPLATE_NAME):
    """
    500 error handler.

    Templates: :template:`500.html`
    Context: None
    """
    try:
        template = loader.get_template(template_name)
    except TemplateDoesNotExist:
        if template_name != ERROR_500_TEMPLATE_NAME:
            # Reraise if it's a missing custom template.
            raise
        return http.HttpResponseServerError('<h1>Server Error (500)</h1>', content_type='text/html')
    return http.HttpResponseServerError(template.render())


@requires_csrf_token
def bad_request(request, exception, template_name=ERROR_400_TEMPLATE_NAME):
    """
    400 error handler.

    Templates: :template:`400.html`
    Context: None
    """
    try:
        template = loader.get_template(template_name)
    except TemplateDoesNotExist:
        if template_name != ERROR_400_TEMPLATE_NAME:
            # Reraise if it's a missing custom template.
            raise
        return http.HttpResponseBadRequest('<h1>Bad Request (400)</h1>', content_type='text/html')
    # No exception content is passed to the template, to not disclose any sensitive information.
    return http.HttpResponseBadRequest(template.render())


# This can be called when CsrfViewMiddleware.process_view has not run,
# therefore need @requires_csrf_token in case the template needs
# {% csrf_token %}.
@requires_csrf_token
def permission_denied(request, exception, template_name=ERROR_403_TEMPLATE_NAME):
    """
    Permission denied (403) handler.

    Templates: :template:`403.html`
    Context: None

    If the template does not exist, an Http403 response containing the text
    "403 Forbidden" (as per RFC 7231) will be returned.
    """
    try:
        template = loader.get_template(template_name)
    except TemplateDoesNotExist:
        if template_name != ERROR_403_TEMPLATE_NAME:
            # Reraise if it's a missing custom template.
            raise
        return http.HttpResponseForbidden('<h1>403 Forbidden</h1>', content_type='text/html')
    return http.HttpResponseForbidden(
        template.render(request=request, context={'exception': force_text(exception)})
    )
MERGED MAGIC-REMOVAL BRANCH TO TRUNK. This change is highly backwards-incompatible. Please read http://code.djangoproject.com/wiki/RemovingTheMagic for upgrade instructions. git-svn-id: http://code.djangoproject.com/svn/django/trunk@2809 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-05-02 09:31:56 +08:00			`from django import http`
Sorted imports with isort; refs #23860. 2015-01-28 20:35:27 +08:00			`from django.template import Context, Engine, TemplateDoesNotExist, loader`
Fixed #24733 -- Passed the triggering exception to 40x error handlers Thanks Tim Graham for the review. 2015-04-22 03:54:00 +08:00			`from django.utils.encoding import force_text`
Fixed #14565 - No csrf_token on 404 page. This solution doesn't have the negative side-effects of [14356]. git-svn-id: http://code.djangoproject.com/svn/django/trunk@14377 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2010-10-28 19:47:15 +08:00			`from django.views.decorators.csrf import requires_csrf_token`
Imported Django from private SVN repository (created from r. 8825) git-svn-id: http://code.djangoproject.com/svn/django/trunk@3 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-07-13 09:25:57 +08:00
Fixed #25697 -- Made default error views error when passed a nonexistent template_name. 2015-11-08 00:24:07 +08:00			`ERROR_404_TEMPLATE_NAME = '404.html'`
			`ERROR_403_TEMPLATE_NAME = '403.html'`
			`ERROR_400_TEMPLATE_NAME = '400.html'`
			`ERROR_500_TEMPLATE_NAME = '500.html'`

Fixed #14565 - No csrf_token on 404 page. This solution doesn't have the negative side-effects of [14356]. git-svn-id: http://code.djangoproject.com/svn/django/trunk@14377 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2010-10-28 19:47:15 +08:00
Fixed #9847 -- Added 403 response handler. Many thanks to kgrandis, adamnelson, vkryachko, fvox13 and Chris Beaven. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16606 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2011-08-12 22:15:31 +08:00			`# This can be called when CsrfViewMiddleware.process_view has not run,`
			`# therefore need @requires_csrf_token in case the template needs`
			`# {% csrf_token %}.`
Fixed #14565 - No csrf_token on 404 page. This solution doesn't have the negative side-effects of [14356]. git-svn-id: http://code.djangoproject.com/svn/django/trunk@14377 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2010-10-28 19:47:15 +08:00			`@requires_csrf_token`
Fixed #25697 -- Made default error views error when passed a nonexistent template_name. 2015-11-08 00:24:07 +08:00			`def page_not_found(request, exception, template_name=ERROR_404_TEMPLATE_NAME):`
Imported Django from private SVN repository (created from r. 8825) git-svn-id: http://code.djangoproject.com/svn/django/trunk@3 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-07-13 09:25:57 +08:00			`"""`
Fixed #7127 -- Fixed incorrect docstring for page_not_found() view. Thanks, kcarnold and Simon Greenhill git-svn-id: http://code.djangoproject.com/svn/django/trunk@7650 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-06-16 11:41:03 +08:00			`Default 404 handler.`
Imported Django from private SVN repository (created from r. 8825) git-svn-id: http://code.djangoproject.com/svn/django/trunk@3 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-07-13 09:25:57 +08:00
Add reST role to templates named in some view docs. This makes the templates link up correctly in the admindocs. 2012-06-27 09:17:15 +08:00			Templates: :template:`404.html`
MERGED MAGIC-REMOVAL BRANCH TO TRUNK. This change is highly backwards-incompatible. Please read http://code.djangoproject.com/wiki/RemovingTheMagic for upgrade instructions. git-svn-id: http://code.djangoproject.com/svn/django/trunk@2809 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2006-05-02 09:31:56 +08:00			`Context:`
			`request_path`
			`The path of the requested URL (e.g., '/app/pages/bad_page/')`
Fixed #24733 -- Passed the triggering exception to 40x error handlers Thanks Tim Graham for the review. 2015-04-22 03:54:00 +08:00			`exception`
			`The message from the exception which triggered the 404 (if one was`
			`supplied), or the exception class name`
Imported Django from private SVN repository (created from r. 8825) git-svn-id: http://code.djangoproject.com/svn/django/trunk@3 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-07-13 09:25:57 +08:00			`"""`
Fixed #24733 -- Passed the triggering exception to 40x error handlers Thanks Tim Graham for the review. 2015-04-22 03:54:00 +08:00			`exception_repr = exception.__class__.__name__`
			`# Try to get an "interesting" exception message, if any (and not the ugly`
			`# Resolver404 dictionary)`
			`try:`
			`message = exception.args[0]`
			`except (AttributeError, IndexError):`
			`pass`
			`else:`
Refs #23919 -- Removed six.<various>_types usage Thanks Tim Graham and Simon Charette for the reviews. 2016-12-29 23:27:49 +08:00			`if isinstance(message, str):`
Fixed #24733 -- Passed the triggering exception to 40x error handlers Thanks Tim Graham for the review. 2015-04-22 03:54:00 +08:00			`exception_repr = message`
			`context = {`
			`'request_path': request.path,`
			`'exception': exception_repr,`
			`}`
Fixed #18807 -- Made 404.html and 500.html optional Thanks Aymeric Augustin for the report and Jannis Leidel for the review. 2012-10-01 05:16:14 +08:00			`try:`
			`template = loader.get_template(template_name)`
Deprecated passing a Context to a generic Template.render. A deprecation path is required because the return type of django.template.loader.get_template changed during the multiple template engines refactor. test_csrf_token_in_404 was incorrect: it tested the case when the hardcoded template was rendered, and that template doesn't depend on the CSRF token. This commit makes it test the case when a custom template is rendered. 2015-01-08 22:03:43 +08:00			`body = template.render(context, request)`
Fixed #20822 -- Set content type of default error pages to 'text/html'. Thanks Jimmy Song for the patch. 2013-08-04 17:01:01 +08:00			`content_type = None # Django will use DEFAULT_CONTENT_TYPE`
Fixed #18807 -- Made 404.html and 500.html optional Thanks Aymeric Augustin for the report and Jannis Leidel for the review. 2012-10-01 05:16:14 +08:00			`except TemplateDoesNotExist:`
Fixed #25697 -- Made default error views error when passed a nonexistent template_name. 2015-11-08 00:24:07 +08:00			`if template_name != ERROR_404_TEMPLATE_NAME:`
			`# Reraise if it's a missing custom template.`
			`raise`
Deprecated passing a Context to a generic Template.render. A deprecation path is required because the return type of django.template.loader.get_template changed during the multiple template engines refactor. test_csrf_token_in_404 was incorrect: it tested the case when the hardcoded template was rendered, and that template doesn't depend on the CSRF token. This commit makes it test the case when a custom template is rendered. 2015-01-08 22:03:43 +08:00			`template = Engine().from_string(`
Fixed #18807 -- Made 404.html and 500.html optional Thanks Aymeric Augustin for the report and Jannis Leidel for the review. 2012-10-01 05:16:14 +08:00			`'<h1>Not Found</h1>'`
			`'<p>The requested URL {{ request_path }} was not found on this server.</p>')`
Deprecated passing a Context to a generic Template.render. A deprecation path is required because the return type of django.template.loader.get_template changed during the multiple template engines refactor. test_csrf_token_in_404 was incorrect: it tested the case when the hardcoded template was rendered, and that template doesn't depend on the CSRF token. This commit makes it test the case when a custom template is rendered. 2015-01-08 22:03:43 +08:00			`body = template.render(Context(context))`
Fixed #20822 -- Set content type of default error pages to 'text/html'. Thanks Jimmy Song for the patch. 2013-08-04 17:01:01 +08:00			`content_type = 'text/html'`
			`return http.HttpResponseNotFound(body, content_type=content_type)`
Imported Django from private SVN repository (created from r. 8825) git-svn-id: http://code.djangoproject.com/svn/django/trunk@3 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-07-13 09:25:57 +08:00
Fixed #14565 - No csrf_token on 404 page. This solution doesn't have the negative side-effects of [14356]. git-svn-id: http://code.djangoproject.com/svn/django/trunk@14377 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2010-10-28 19:47:15 +08:00
			`@requires_csrf_token`
Fixed #25697 -- Made default error views error when passed a nonexistent template_name. 2015-11-08 00:24:07 +08:00			`def server_error(request, template_name=ERROR_500_TEMPLATE_NAME):`
Imported Django from private SVN repository (created from r. 8825) git-svn-id: http://code.djangoproject.com/svn/django/trunk@3 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-07-13 09:25:57 +08:00			`"""`
BACKWARDS-INCOMPATIBLE CHANGE -- Moved flatpages and redirects to standalone apps in django.contrib that are NOT installed by default. See http://code.djangoproject.com/wiki/BackwardsIncompatibleChanges for full migration information. git-svn-id: http://code.djangoproject.com/svn/django/trunk@1166 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-11-11 12:45:05 +08:00			`500 error handler.`
Imported Django from private SVN repository (created from r. 8825) git-svn-id: http://code.djangoproject.com/svn/django/trunk@3 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-07-13 09:25:57 +08:00
Add reST role to templates named in some view docs. This makes the templates link up correctly in the admindocs. 2012-06-27 09:17:15 +08:00			Templates: :template:`500.html`
Imported Django from private SVN repository (created from r. 8825) git-svn-id: http://code.djangoproject.com/svn/django/trunk@3 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2005-07-13 09:25:57 +08:00			`Context: None`
			`"""`
Fixed #18807 -- Made 404.html and 500.html optional Thanks Aymeric Augustin for the report and Jannis Leidel for the review. 2012-10-01 05:16:14 +08:00			`try:`
			`template = loader.get_template(template_name)`
			`except TemplateDoesNotExist:`
Fixed #25697 -- Made default error views error when passed a nonexistent template_name. 2015-11-08 00:24:07 +08:00			`if template_name != ERROR_500_TEMPLATE_NAME:`
			`# Reraise if it's a missing custom template.`
			`raise`
Fixed #20822 -- Set content type of default error pages to 'text/html'. Thanks Jimmy Song for the patch. 2013-08-04 17:01:01 +08:00			`return http.HttpResponseServerError('<h1>Server Error (500)</h1>', content_type='text/html')`
Deprecated passing a Context to a generic Template.render. A deprecation path is required because the return type of django.template.loader.get_template changed during the multiple template engines refactor. test_csrf_token_in_404 was incorrect: it tested the case when the hardcoded template was rendered, and that template doesn't depend on the CSRF token. This commit makes it test the case when a custom template is rendered. 2015-01-08 22:03:43 +08:00			`return http.HttpResponseServerError(template.render())`
Moved the bulk of the shortcut() function in django/views/defaults.py to a new module, django/contrib/contenttypes/views.py. As a result, django/views/defaults.py no longer relies on django.contrib.contenttypes. Of course, the shortcut() function is still available in the former module, for backwards compatibility. See the new FutureBackwardsIncompatibleChanges wiki page. git-svn-id: http://code.djangoproject.com/svn/django/trunk@9001 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2008-09-10 13:56:34 +08:00
Fixed #14565 - No csrf_token on 404 page. This solution doesn't have the negative side-effects of [14356]. git-svn-id: http://code.djangoproject.com/svn/django/trunk@14377 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2010-10-28 19:47:15 +08:00
Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation. SuspiciousOperations have been differentiated into subclasses, and are now logged to a 'django.security.*' logger. SuspiciousOperations that reach django.core.handlers.base.BaseHandler will now return a 400 instead of a 500. Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft for review. 2013-05-16 07:14:28 +08:00			`@requires_csrf_token`
Fixed #25697 -- Made default error views error when passed a nonexistent template_name. 2015-11-08 00:24:07 +08:00			`def bad_request(request, exception, template_name=ERROR_400_TEMPLATE_NAME):`
Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation. SuspiciousOperations have been differentiated into subclasses, and are now logged to a 'django.security.*' logger. SuspiciousOperations that reach django.core.handlers.base.BaseHandler will now return a 400 instead of a 500. Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft for review. 2013-05-16 07:14:28 +08:00			`"""`
			`400 error handler.`

			Templates: :template:`400.html`
			`Context: None`
			`"""`
			`try:`
			`template = loader.get_template(template_name)`
			`except TemplateDoesNotExist:`
Fixed #25697 -- Made default error views error when passed a nonexistent template_name. 2015-11-08 00:24:07 +08:00			`if template_name != ERROR_400_TEMPLATE_NAME:`
			`# Reraise if it's a missing custom template.`
			`raise`
Fixed #20822 -- Set content type of default error pages to 'text/html'. Thanks Jimmy Song for the patch. 2013-08-04 17:01:01 +08:00			`return http.HttpResponseBadRequest('<h1>Bad Request (400)</h1>', content_type='text/html')`
Fixed #24733 -- Passed the triggering exception to 40x error handlers Thanks Tim Graham for the review. 2015-04-22 03:54:00 +08:00			`# No exception content is passed to the template, to not disclose any sensitive information.`
Deprecated passing a Context to a generic Template.render. A deprecation path is required because the return type of django.template.loader.get_template changed during the multiple template engines refactor. test_csrf_token_in_404 was incorrect: it tested the case when the hardcoded template was rendered, and that template doesn't depend on the CSRF token. This commit makes it test the case when a custom template is rendered. 2015-01-08 22:03:43 +08:00			`return http.HttpResponseBadRequest(template.render())`
Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation. SuspiciousOperations have been differentiated into subclasses, and are now logged to a 'django.security.*' logger. SuspiciousOperations that reach django.core.handlers.base.BaseHandler will now return a 400 instead of a 500. Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft for review. 2013-05-16 07:14:28 +08:00

Fixed #9847 -- Added 403 response handler. Many thanks to kgrandis, adamnelson, vkryachko, fvox13 and Chris Beaven. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16606 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2011-08-12 22:15:31 +08:00			`# This can be called when CsrfViewMiddleware.process_view has not run,`
			`# therefore need @requires_csrf_token in case the template needs`
			`# {% csrf_token %}.`
			`@requires_csrf_token`
Fixed #25697 -- Made default error views error when passed a nonexistent template_name. 2015-11-08 00:24:07 +08:00			`def permission_denied(request, exception, template_name=ERROR_403_TEMPLATE_NAME):`
Fixed #9847 -- Added 403 response handler. Many thanks to kgrandis, adamnelson, vkryachko, fvox13 and Chris Beaven. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16606 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2011-08-12 22:15:31 +08:00			`"""`
			`Permission denied (403) handler.`

Add reST role to templates named in some view docs. This makes the templates link up correctly in the admindocs. 2012-06-27 09:17:15 +08:00			Templates: :template:`403.html`
Fixed #9847 -- Added 403 response handler. Many thanks to kgrandis, adamnelson, vkryachko, fvox13 and Chris Beaven. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16606 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2011-08-12 22:15:31 +08:00			`Context: None`

			`If the template does not exist, an Http403 response containing the text`
Fixed #26567 -- Updated references to obsolete RFC2616. Didn't touch comments where it wasn't obvious that the code adhered to the newer standard. 2016-05-02 20:35:05 +08:00			`"403 Forbidden" (as per RFC 7231) will be returned.`
Fixed #9847 -- Added 403 response handler. Many thanks to kgrandis, adamnelson, vkryachko, fvox13 and Chris Beaven. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16606 bcc190cf-cafb-0310-a4f2-bffc1f526a37 2011-08-12 22:15:31 +08:00			`"""`
			`try:`
			`template = loader.get_template(template_name)`
			`except TemplateDoesNotExist:`
Fixed #25697 -- Made default error views error when passed a nonexistent template_name. 2015-11-08 00:24:07 +08:00			`if template_name != ERROR_403_TEMPLATE_NAME:`
			`# Reraise if it's a missing custom template.`
			`raise`
Fixed #20822 -- Set content type of default error pages to 'text/html'. Thanks Jimmy Song for the patch. 2013-08-04 17:01:01 +08:00			`return http.HttpResponseForbidden('<h1>403 Forbidden</h1>', content_type='text/html')`
Fixed #24733 -- Passed the triggering exception to 40x error handlers Thanks Tim Graham for the review. 2015-04-22 03:54:00 +08:00			`return http.HttpResponseForbidden(`
			`template.render(request=request, context={'exception': force_text(exception)})`
			`)`