diff options
| author | Tim Graham <timograham@gmail.com> | 2016-01-06 07:05:05 -0500 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2016-01-06 07:05:05 -0500 |
| commit | 62e83c71d2086b91d58c313e46933ef7aa8b6db1 (patch) | |
| tree | 42dc260d4ab50378363ba6d56504260cd2a494fa /docs | |
| parent | 1e57dccb31b1302c7292dfa7eac8d8aeeb76a7d0 (diff) | |
Refs #25878 -- Added the expected return type of CSRF_FAILURE_VIEW.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/ref/settings.txt | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index fc5ef4489e..a6ac7896d1 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -375,15 +375,16 @@ CSRF_FAILURE_VIEW Default: ``'django.views.csrf.csrf_failure'`` -A dotted path to the view function to be used when an incoming request -is rejected by the CSRF protection. The function should have this signature:: +A dotted path to the view function to be used when an incoming request is +rejected by the :doc:`CSRF protection </ref/csrf>`. The function should have +this signature:: def csrf_failure(request, reason=""): ... -where ``reason`` is a short message (intended for developers or logging, not for -end users) indicating the reason the request was rejected. See -:doc:`/ref/csrf`. +where ``reason`` is a short message (intended for developers or logging, not +for end users) indicating the reason the request was rejected. It should return +an :class:`~django.http.HttpResponseForbidden`. ``django.views.csrf.csrf_failure()`` accepts an additional ``template_name`` parameter that defaults to ``'403_csrf.html'``. If a template with that name |
