test0908
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Refs #25878 -- Added the expected return type of CSRF_FAILURE_VIEW.

This commit is contained in:
Tim Graham 2016-01-06 07:05:05 -05:00
parent 1e57dccb31
commit 62e83c71d2
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
docs/ref/settings.txt
View File

@ -375,15 +375,16 @@ CSRF_FAILURE_VIEW
Default: ``'django.views.csrf.csrf_failure'``
A dotted path to the view function to be used when an incoming request
is rejected by the CSRF protection. The function should have this signature::
A dotted path to the view function to be used when an incoming request is
rejected by the :doc:`CSRF protection </ref/csrf>`. The function should have
this signature::
def csrf_failure(request, reason=""):
...
where ``reason`` is a short message (intended for developers or logging, not for
end users) indicating the reason the request was rejected. See
:doc:`/ref/csrf`.
where ``reason`` is a short message (intended for developers or logging, not
for end users) indicating the reason the request was rejected. It should return
an :class:`~django.http.HttpResponseForbidden`.
``django.views.csrf.csrf_failure()`` accepts an additional ``template_name``
parameter that defaults to ``'403_csrf.html'``. If a template with that name