Django - custom 403 template

You need to use 403_csrf.html.

For regular 403 permission denied pages, creating the 403.html template should work.

However, for CSRF errors (which also return status code 403), you should create a 403_csrf.html template instead.

Creating a 403_csrf.html template works in Django 1.10+. For earlier versions, you had to change the CSRF_FAILURE_VIEW setting to the view you want to use.

See the CSRF docs for more info.

There was a discussion about why the CSRF failure view behaves differently in the Django-developers mailing list this week.