From c74b1b408a3ccdc1f1c199e709f7c825644f1a9e Mon Sep 17 00:00:00 2001 From: Tim Graham Date: Wed, 6 Jan 2016 07:05:05 -0500 Subject: [PATCH] [1.9.x] Refs #25878 -- Added the expected return type of CSRF_FAILURE_VIEW. Backport of 62e83c71d2086b91d58c313e46933ef7aa8b6db1 from master --- docs/ref/settings.txt | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index ad7bfaae4f..f034030101 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -401,15 +401,16 @@ CSRF_FAILURE_VIEW Default: ``'django.views.csrf.csrf_failure'`` -A dotted path to the view function to be used when an incoming request -is rejected by the CSRF protection. The function should have this signature:: +A dotted path to the view function to be used when an incoming request is +rejected by the :doc:`CSRF protection `. The function should have +this signature:: def csrf_failure(request, reason=""): ... -where ``reason`` is a short message (intended for developers or logging, not for -end users) indicating the reason the request was rejected. See -:doc:`/ref/csrf`. +where ``reason`` is a short message (intended for developers or logging, not +for end users) indicating the reason the request was rejected. It should return +an :class:`~django.http.HttpResponseForbidden`. .. setting:: CSRF_HEADER_NAME