p15693087
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Refs #25878 -- Added the expected return type of CSRF_FAILURE_VIEW.

This commit is contained in:
Tim Graham 2016-01-06 07:05:05 -05:00
parent 1e57dccb31
commit 62e83c71d2
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
docs/ref/settings.txt
View File

@ -375,15 +375,16 @@ CSRF_FAILURE_VIEW
Default: ``'django.views.csrf.csrf_failure'`` Default: ``'django.views.csrf.csrf_failure'``
A dotted path to the view function to be used when an incoming request A dotted path to the view function to be used when an incoming request is
is rejected by the CSRF protection. The function should have this signature:: rejected by the :doc:`CSRF protection </ref/csrf>`. The function should have
this signature::
def csrf_failure(request, reason=""): def csrf_failure(request, reason=""):
... ...
where ``reason`` is a short message (intended for developers or logging, not for where ``reason`` is a short message (intended for developers or logging, not
end users) indicating the reason the request was rejected. See for end users) indicating the reason the request was rejected. It should return
:doc:`/ref/csrf`. an :class:`~django.http.HttpResponseForbidden`.
``django.views.csrf.csrf_failure()`` accepts an additional ``template_name`` ``django.views.csrf.csrf_failure()`` accepts an additional ``template_name``
parameter that defaults to ``'403_csrf.html'``. If a template with that name parameter that defaults to ``'403_csrf.html'``. If a template with that name