Fixed #21668 -- Return detailed error page when SuspiciousOperation is raised and DEBUG=True

Thanks GDorn and gox21 for report.

Thanks Tim Graham for idea and review.

django/core/handlers/base.py

@@ -183,6 +183,8 @@ class BaseHandler(object):
                     'status_code': 400,
                     'request': request
                 })
+            if settings.DEBUG:
+                return debug.technical_500_response(request, *sys.exc_info(), status_code=400)
 
             response = self.get_exception_response(request, resolver, 400)
 

django/views/debug.py

@@ -7,8 +7,8 @@ import sys
 import types
 
 from django.conf import settings
-from django.http import (HttpResponse, HttpResponseServerError,
-    HttpResponseNotFound, HttpRequest, build_request_repr)
+from django.http import (HttpResponse, HttpResponseNotFound, HttpRequest,
+    build_request_repr)
 from django.template import Template, Context, TemplateDoesNotExist
 from django.template.defaultfilters import force_escape, pprint
 from django.utils.datastructures import MultiValueDict
@@ -65,7 +65,7 @@ def get_safe_settings():
     return settings_dict
 
 
-def technical_500_response(request, exc_type, exc_value, tb):
+def technical_500_response(request, exc_type, exc_value, tb, status_code=500):
     """
     Create a technical server error response. The last three arguments are
     the values returned from sys.exc_info() and friends.
@@ -73,10 +73,10 @@ def technical_500_response(request, exc_type, exc_value, tb):
     reporter = ExceptionReporter(request, exc_type, exc_value, tb)
     if request.is_ajax():
         text = reporter.get_traceback_text()
-        return HttpResponseServerError(text, content_type='text/plain')
+        return HttpResponse(text, status=status_code, content_type='text/plain')
     else:
         html = reporter.get_traceback_html()
-        return HttpResponseServerError(html, content_type='text/html')
+        return HttpResponse(html, status=status_code, content_type='text/html')
 
 # Cache for the default exception reporter filter instance.
 default_exception_reporter_filter = None
@@ -987,7 +987,7 @@ Exception Value: {{ exception_value|force_escape }}
     <p>
       You're seeing this error because you have <code>DEBUG = True</code> in your
       Django settings file. Change that to <code>False</code>, and Django will
-      display a standard 500 page.
+      display a standard page generated by the handler for this status code.
     </p>
   </div>
 {% endif %}
@@ -1053,7 +1053,7 @@ Using settings module {{ settings.SETTINGS_MODULE }}{% for k, v in settings.item
 
 You're seeing this error because you have DEBUG = True in your
 Django settings file. Change that to False, and Django will
-display a standard 500 page.
+display a standard page generated by the handler for this status code.
 """
 
 TECHNICAL_404_TEMPLATE = """

docs/releases/1.8.txt

@@ -211,6 +211,10 @@ Requests and Responses
   <django.http.HttpRequest.build_absolute_uri>` method now handles paths
   starting with ``//`` correctly.
 
+* If :setting:`DEBUG` is ``True`` and a request raises a
+  :exc:`~django.core.exceptions.SuspiciousOperation`, the response will be
+  rendered with a detailed error page.
+
 Tests
 ^^^^^
 

tests/view_tests/tests/test_debug.py

@@ -44,6 +44,11 @@ class DebugViewTests(TestCase):
         self.assertContains(response, 'file_data.txt', status_code=500)
         self.assertNotContains(response, 'haha', status_code=500)
 
+    def test_400(self):
+        # Ensure that when DEBUG=True, technical_500_template() is called.
+        response = self.client.get('/raises400/')
+        self.assertContains(response, '<div class="context" id="', status_code=400)
+
     def test_403(self):
         # Ensure no 403.html template exists to test the default case.
         with override_with_test_loader({}):