From 62e83c71d2086b91d58c313e46933ef7aa8b6db1 Mon Sep 17 00:00:00 2001 From: Tim Graham Date: Wed, 6 Jan 2016 07:05:05 -0500 Subject: [PATCH] Refs #25878 -- Added the expected return type of CSRF_FAILURE_VIEW. --- docs/ref/settings.txt | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index fc5ef4489e..a6ac7896d1 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -375,15 +375,16 @@ CSRF_FAILURE_VIEW Default: ``'django.views.csrf.csrf_failure'`` -A dotted path to the view function to be used when an incoming request -is rejected by the CSRF protection. The function should have this signature:: +A dotted path to the view function to be used when an incoming request is +rejected by the :doc:`CSRF protection `. The function should have +this signature:: def csrf_failure(request, reason=""): ... -where ``reason`` is a short message (intended for developers or logging, not for -end users) indicating the reason the request was rejected. See -:doc:`/ref/csrf`. +where ``reason`` is a short message (intended for developers or logging, not +for end users) indicating the reason the request was rejected. It should return +an :class:`~django.http.HttpResponseForbidden`. ``django.views.csrf.csrf_failure()`` accepts an additional ``template_name`` parameter that defaults to ``'403_csrf.html'``. If a template with that name