summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/ref/settings.txt11
1 files changed, 6 insertions, 5 deletions
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt
index fc5ef4489e..a6ac7896d1 100644
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@@ -375,15 +375,16 @@ CSRF_FAILURE_VIEW
Default: ``'django.views.csrf.csrf_failure'``
-A dotted path to the view function to be used when an incoming request
-is rejected by the CSRF protection. The function should have this signature::
+A dotted path to the view function to be used when an incoming request is
+rejected by the :doc:`CSRF protection </ref/csrf>`. The function should have
+this signature::
def csrf_failure(request, reason=""):
...
-where ``reason`` is a short message (intended for developers or logging, not for
-end users) indicating the reason the request was rejected. See
-:doc:`/ref/csrf`.
+where ``reason`` is a short message (intended for developers or logging, not
+for end users) indicating the reason the request was rejected. It should return
+an :class:`~django.http.HttpResponseForbidden`.
``django.views.csrf.csrf_failure()`` accepts an additional ``template_name``
parameter that defaults to ``'403_csrf.html'``. If a template with that name