You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The custom template (403.html) was not displayed for a 403 error. It was a csrf 403, not a regular 403 error.
What should've happened instead?
The 403.html template should have been displayed.
Additional details
Reproduce (all tests pass):
fromunittest.mockimportpatchfromdjango.confimportsettingsfromdjango.testimportClient, override_settingsfromdjango.urlsimportreversefromdjango.viewsimportdefaultsasdefault_viewsclassTestCsrfTemplatesInUse:
@override_settings(DEBUG=True)deftest_403_csrf_debug_enabled(self):
csrf_client=Client(enforce_csrf_checks=True)
csrf_client.cookies.load({settings.CSRF_COOKIE_NAME: "notavalidtoken"})
response=csrf_client.post(reverse("account_login"))
# Show that CSRF_FAILURE_TEMPLATE is unexpectedly being used instead of using the project's custom "403.html".# https://github.com/django/django/blob/main/django/views/csrf.py#L15-L100assert'CSRF verification failed. Request aborted.'instr(response.content)
@override_settings(DEBUG=False)deftest_403_csrf_debug_disabled(self):
csrf_client=Client(enforce_csrf_checks=True)
csrf_client.cookies.load({settings.CSRF_COOKIE_NAME: "notavalidtoken"})
response=csrf_client.post(reverse("account_login"))
# Show that CSRF_FAILURE_TEMPLATE is unexpectedly being used instead of using the project's custom "403.html".# https://github.com/django/django/blob/main/django/views/csrf.py#L15-L100assert'CSRF verification failed. Request aborted.'instr(response.content)
@patch("django.views.generic.base.TemplateView.get")deftest_403_non_csrf(self, template_view_get):
defget(request, *args, **kwargs):
returndefault_views.permission_denied(request, Exception("Permission Denied"))
template_view_get.side_effect=getclient=Client()
response=client.get(reverse("home"))
# Show that non-csrf 403 errors are showing the 403.html template.assertresponse.templates[0].name=='403.html'
Fix:
$ cd {{cookiecutter.project_slug}}/{{cookiecutter.project_slug}}/templates/
$ cp 403.html 403_csrf.html
The text was updated successfully, but these errors were encountered:
What happened?
The custom template (403.html) was not displayed for a 403 error. It was a csrf 403, not a regular 403 error.
What should've happened instead?
The 403.html template should have been displayed.
Additional details
Reproduce (all tests pass):
Fix:
$ cd {{cookiecutter.project_slug}}/{{cookiecutter.project_slug}}/templates/ $ cp 403.html 403_csrf.html
The text was updated successfully, but these errors were encountered: