Django : How to override the CSRF_FAILURE_TEMPLATE
Add 403_csrf.html template to the project template directory.
As you can see in the source code django/views/csrf.py: if you have this template, it will be applied. Nothing needs to be configured.
Template content that you need to customize for your needs:
<div id="summary">
<h1>{{ title }} <span>(403)</span></h1>
<p>{{ main }}</p>
{% if no_referer %}
<p>{{ no_referer1 }}</p>
<p>{{ no_referer2 }}</p>
<p>{{ no_referer3 }}</p>
{% endif %}
{% if no_cookie %}
<p>{{ no_cookie1 }}</p>
<p>{{ no_cookie2 }}</p>
{% endif %}
</div>
Refer to the Django document, you can set CSRF_FAILURE_VIEW
in your settings.py
, such as:
CSRF_FAILURE_VIEW = 'your_app_name.views.csrf_failure'
Also, you'll need to define a csrf_failure
function in your view (need to have this signature: def csrf_failure(request, reason="")
based on the document), which is similar to :
def csrf_failure(request, reason=""):
ctx = {'message': 'some custom messages'}
return render_to_response(your_custom_template, ctx)
And you can write your custom template as:
<!DOCTYPE html>
<html>
<head lang="en">
<meta charset="UTF-8">
<title></title>
</head>
<body>
{{ message }}
</body>
</html>
As of Django 1.10, you can simply add and customize the 403_csrf.html
template: https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-CSRF_FAILURE_VIEW