Commit 1ca6e9b9 authored by Jannis Leidel's avatar Jannis Leidel

Fixed #9847 -- Added 403 response handler. Many thanks to kgrandis,...

Fixed #9847 -- Added 403 response handler. Many thanks to kgrandis, adamnelson, vkryachko, fvox13  and Chris Beaven.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16606 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent 958e049d
+1 −0
@@ -457,6 +457,7 @@ answer newbie questions, and generally made Django that much better:
    Ben Slavin <benjamin.slavin@gmail.com>
    sloonz <simon.lipp@insa-lyon.fr>
    Paul Smith <blinkylights23@gmail.com>
    Steven L. Smith (fvox13) <steven@stevenlsmith.com>
    Warren Smith <warren@wandrsmith.net>
    smurf@smurf.noris.de
    Vsevolod Solovyov
+1 −0
@@ -6,6 +6,7 @@ from django.utils.importlib import import_module

__all__ = ['handler404', 'handler500', 'include', 'patterns', 'url']

handler403 = 'django.views.defaults.permission_denied'
handler404 = 'django.views.defaults.page_not_found'
handler500 = 'django.views.defaults.server_error'
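Review bot: `handler403` is defined at module level here, but the `__all__` list just above it still names only `handler404` and `handler500`, so a URLconf that does a star import from this module receives the 404/500 defaults and not the 403 one. The resolver's fallback to `getattr(defaults, 'handler%s' % view_type)`, visible in the resolver section of this commit, presumably keeps the default 403 view working, so this looks like a consistency gap rather than a runtime failure. Suggested change: `__all__ = ['handler403', 'handler404', 'handler500', 'include', 'patterns', 'url']`.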

+16 −6
@@ -154,12 +154,22 @@ class BaseHandler(object):
                        finally:
                            receivers = signals.got_request_exception.send(sender=self.__class__, request=request)
            except exceptions.PermissionDenied:
                logger.warning('Forbidden (Permission denied): %s' % request.path,
                logger.warning(
                    'Forbidden (Permission denied): %s' % request.path,
                    extra={
                        'status_code': 403,
                        'request': request
                    })
                response = http.HttpResponseForbidden('<h1>Permission denied</h1>')
                try:
                    callback, param_dict = resolver.resolve403()
                    response = callback(request, **param_dict)
                except:
                    try:
                        response = self.handle_uncaught_exception(request,
                            resolver, sys.exc_info())
                    finally:
                        receivers = signals.got_request_exception.send(
                            sender=self.__class__, request=request)
            except SystemExit:
                # Allow sys.exit() to actually exit. See tickets #1023 and #4701
                raise
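Review bot: The bare `except:` wrapped around `resolver.resolve403()` and `callback(request, **param_dict)` also catches `SystemExit` and `KeyboardInterrupt`. Because it sits inside the `except exceptions.PermissionDenied:` handler, the sibling `except SystemExit: raise` below it never sees an exit raised from a custom 403 view. Narrowing it to `except Exception:` keeps the fall-through to `handle_uncaught_exception` for ordinary handler failures while letting `sys.exit()` behave as the existing comment intends. The neighbouring block appears to use the same pattern, but only its `finally:` tail is visible here, and the enclosing method starts and ends outside the hunk.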
+3 −0
@@ -331,6 +331,9 @@ class RegexURLResolver(LocaleRegexProvider):
            callback = getattr(defaults, 'handler%s' % view_type)
        return get_callable(callback), {}

    def resolve403(self):
        return self._resolve_special('403')

    def resolve404(self):
        return self._resolve_special('404')

+26 −3
from django import http
from django.template import (Context, RequestContext,
                             loader, TemplateDoesNotExist)
from django.views.decorators.csrf import requires_csrf_token
from django.template import Context, RequestContext, loader


# This can be called when CsrfViewMiddleware.process_view has not run, therefore
# need @requires_csrf_token in case the template needs {% csrf_token %}.
# This can be called when CsrfViewMiddleware.process_view has not run,
# therefore need @requires_csrf_token in case the template needs
# {% csrf_token %}.
@requires_csrf_token
def page_not_found(request, template_name='404.html'):
    """
@@ -31,6 +33,27 @@ def server_error(request, template_name='500.html'):
    return http.HttpResponseServerError(t.render(Context({})))


# This can be called when CsrfViewMiddleware.process_view has not run,
# therefore need @requires_csrf_token in case the template needs
# {% csrf_token %}.
@requires_csrf_token
def permission_denied(request, template_name='403.html'):
    """
    Permission denied (403) handler.

    Templates: `403.html`
    Context: None

    If the template does not exist, an Http403 response containing the text
    "403 Forbidden" (as per RFC 2616) will be returned.
    """
    try:
        template = loader.get_template(template_name)
    except TemplateDoesNotExist:
        return http.HttpResponseForbidden('<h1>403 Forbidden</h1>')
    return http.HttpResponseForbidden(template.render(RequestContext(request)))


def shortcut(request, content_type_id, object_id):
    # TODO: Remove this in Django 2.0.
    # This is a legacy view that depends on the contenttypes framework.
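Review bot: The `permission_denied` docstring does not match the code beneath it: it promises "an Http403 response" and "Context: None", while the function returns `http.HttpResponseForbidden` and renders the template with `RequestContext(request)`, which runs the configured context processors. That matters to anyone writing a `403.html`, because whatever those processors add is available in the template, unlike `server_error` just above, which renders with an empty `Context({})`. I would reword the two lines to say the fallback is an `HttpResponseForbidden` containing the text "403 Forbidden", and that the context is built by `RequestContext` with no extra variables passed. The `shortcut` view at the end of the hunk continues outside it.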