mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-20 09:39:13 +00:00
Code Issues 32 Releases Wiki Activity

[1.9.x] Refs #25878 -- Added the expected return type of CSRF_FAILURE_VIEW.

Browse Source 
Backport of 62e83c71d2086b91d58c313e46933ef7aa8b6db1 from master
This commit is contained in:
Tim Graham 2016-01-06 07:05:05 -05:00
parent 00a9854ca9
commit c74b1b408a
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
docs/ref/settings.txt
View File

@ -401,15 +401,16 @@ CSRF_FAILURE_VIEW
Default: ``'django.views.csrf.csrf_failure'`` Default: ``'django.views.csrf.csrf_failure'``
A dotted path to the view function to be used when an incoming request A dotted path to the view function to be used when an incoming request is
is rejected by the CSRF protection. The function should have this signature:: rejected by the :doc:`CSRF protection </ref/csrf>`. The function should have
this signature::
def csrf_failure(request, reason=""): def csrf_failure(request, reason=""):
... ...
where ``reason`` is a short message (intended for developers or logging, not for where ``reason`` is a short message (intended for developers or logging, not
end users) indicating the reason the request was rejected. See for end users) indicating the reason the request was rejected. It should return
:doc:`/ref/csrf`. an :class:`~django.http.HttpResponseForbidden`.
.. setting:: CSRF_HEADER_NAME .. setting:: CSRF_HEADER_NAME