Fixed #21324 -- Translate CSRF failure view

Thanks to Claude Paroz for the original patch.

django/views/csrf.py

@@ -1,11 +1,16 @@
+from django.conf import settings
 from django.http import HttpResponseForbidden
 from django.template import Context, Template
-from django.conf import settings
+from django.utils.translation import ugettext as _
 
 # We include the template inline since we need to be able to reliably display
 # this error message, especially for the sake of developers, and there isn't any
 # other way of making it available independent of what is in the settings file.
 
+# Only the text appearing with DEBUG=False is translated. Normal translation
+# tags cannot be used with this inline templates as makemessages would not be
+# able to discover the strings.
+
 CSRF_FAILURE_TEMPLATE = """
 <!DOCTYPE html>
 <html lang="en">
@@ -30,17 +35,11 @@ CSRF_FAILURE_TEMPLATE = """
 </head>
 <body>
 <div id="summary">
-  <h1>Forbidden <span>(403)</span></h1>
-  <p>CSRF verification failed. Request aborted.</p>
+  <h1>{{ title }} <span>(403)</span></h1>
+  <p>{{ main }}</p>
 {% if no_referer %}
-  <p>You are seeing this message because this HTTPS site requires a 'Referer
-   header' to be sent by your Web browser, but none was sent. This header is
-   required for security reasons, to ensure that your browser is not being
-   hijacked by third parties.</p>
-
-  <p>If you have configured your browser to disable 'Referer' headers, please
-   re-enable them, at least for this site, or for HTTPS connections, or for
-   'same-origin' requests.</p>
+  <p>{{ no_referer1 }}</p>
+  <p>{{ no_referer2 }}</p>
 {% endif %}
 </div>
 {% if DEBUG %}
@@ -84,21 +83,35 @@ CSRF_FAILURE_TEMPLATE = """
 </div>
 {% else %}
 <div id="explanation">
-  <p><small>More information is available with DEBUG=True.</small></p>
+  <p><small>{{ more }}</small></p>
 </div>
 {% endif %}
 </body>
 </html>
 """
 
+
 def csrf_failure(request, reason=""):
     """
     Default view used when request fails CSRF protection
     """
     from django.middleware.csrf import REASON_NO_REFERER
     t = Template(CSRF_FAILURE_TEMPLATE)
-    c = Context({'DEBUG': settings.DEBUG,
-                 'reason': reason,
-                 'no_referer': reason == REASON_NO_REFERER
-                 })
+    c = Context({
+        'title': _("Forbidden"),
+        'main': _("CSRF verification failed. Request aborted."),
+        'reason': reason,
+        'no_referer': reason == REASON_NO_REFERER,
+        'no_referer1': _(
+            "You are seeing this message because this HTTPS site requires a "
+            "'Referer header' to be sent by your Web browser, but none was "
+            "sent. This header is required for security reasons, to ensure "
+            "that your browser is not being hijacked by third parties."),
+        'no_referer2': _(
+            "If you have configured your browser to disable 'Referer' headers, "
+            "please re-enable them, at least for this site, or for HTTPS "
+            "connections, or for 'same-origin' requests."),
+        'DEBUG': settings.DEBUG,
+        'more': _("More information is available with DEBUG=True."),
+    })
     return HttpResponseForbidden(t.render(c), content_type='text/html')