docs/ref/views.txt
==============
Built-in Views
==============
.. module:: django.views
:synopsis: Django's built-in views.
Several of Django's built-in views are documented in
:doc:`/topics/http/views` as well as elsewhere in the documentation.
Serving files in development
============================
.. function:: static.serve(request, path, document_root, show_indexes=False)
There may be files other than your project's static assets that, for
convenience, you'd like to have Django serve for you in local development.
The :func:`~django.views.static.serve` view can be used to serve any directory
you give it. (This view is **not** hardened for production use and should be
used only as a development aid; you should serve these files in production
using a real front-end web server).
The most likely example is user-uploaded content in :setting:`MEDIA_ROOT`.
``django.contrib.staticfiles`` is intended for static assets and has no
built-in handling for user-uploaded files, but you can have Django serve your
:setting:`MEDIA_ROOT` by appending something like this to your URLconf::
from django.conf import settings
from django.urls import re_path
from django.views.static import serve
# ... the rest of your URLconf goes here ...
if settings.DEBUG:
urlpatterns += [
re_path(
r"^media/(?P<path>.*)$",
serve,
{
"document_root": settings.MEDIA_ROOT,
},
),
]
Note, the snippet assumes your :setting:`MEDIA_URL` has a value of
``'media/'``. This will call the :func:`~django.views.static.serve` view,
passing in the path from the URLconf and the (required) ``document_root``
parameter.
Since it can become a bit cumbersome to define this URL pattern, Django
ships with a small URL helper function :func:`~django.conf.urls.static.static`
that takes as parameters the prefix such as :setting:`MEDIA_URL` and a dotted
path to a view, such as ``'django.views.static.serve'``. Any other function
parameter will be transparently passed to the view.
.. _error-views:
Error views
===========
Django comes with a few views by default for handling HTTP errors. To override
these with your own custom views, see :ref:`customizing-error-views`.
.. _http_not_found_view:
The 404 (page not found) view
-----------------------------
.. function:: defaults.page_not_found(request, exception, template_name='404.html')
When you raise :exc:`~django.http.Http404` from within a view, Django loads a
special view devoted to handling 404 errors. By default, it's the view
:func:`django.views.defaults.page_not_found`, which either produces a "Not
Found" message or loads and renders the template ``404.html`` if you created it
in your root template directory.
The default 404 view will pass two variables to the template: ``request_path``,
which is the URL that resulted in the error, and ``exception``, which is a
useful representation of the exception that triggered the view (e.g. containing
any message passed to a specific ``Http404`` instance).
Three things to note about 404 views:
* The 404 view is also called if Django doesn't find a match after
checking every regular expression in the URLconf.
* The 404 view is passed a :class:`~django.template.RequestContext` and
will have access to variables supplied by your template context
processors (e.g. ``MEDIA_URL``).
* If :setting:`DEBUG` is set to ``True`` (in your settings module), then
your 404 view will never be used, and your URLconf will be displayed
instead, with some debug information.
.. _http_internal_server_error_view:
The 500 (server error) view
---------------------------
.. function:: defaults.server_error(request, template_name='500.html')
Similarly, Django executes special-case behavior in the case of runtime errors
in view code. If a view results in an exception, Django will, by default, call
the view ``django.views.defaults.server_error``, which either produces a
"Server Error" message or loads and renders the template ``500.html`` if you
created it in your root template directory.
The default 500 view passes no variables to the ``500.html`` template and is
rendered with an empty ``Context`` to lessen the chance of additional errors.
If :setting:`DEBUG` is set to ``True`` (in your settings module), then
your 500 view will never be used, and the traceback will be displayed
instead, with some debug information.
.. _http_forbidden_view:
The 403 (HTTP Forbidden) view
-----------------------------
.. function:: defaults.permission_denied(request, exception, template_name='403.html')
In the same vein as the 404 and 500 views, Django has a view to handle 403
Forbidden errors. If a view results in a 403 exception then Django will, by
default, call the view ``django.views.defaults.permission_denied``.
This view loads and renders the template ``403.html`` in your root template
directory, or if this file does not exist, instead serves the text
"403 Forbidden", as per :rfc:`9110#section-15.5.4` (the HTTP 1.1
Specification). The template context contains ``exception``, which is the
string representation of the exception that triggered the view.
``django.views.defaults.permission_denied`` is triggered by a
:exc:`~django.core.exceptions.PermissionDenied` exception. To deny access in a
view you can use code like this::
from django.core.exceptions import PermissionDenied
def edit(request, pk):
if not request.user.is_staff:
raise PermissionDenied
# ...
.. _http_bad_request_view:
The 400 (bad request) view
--------------------------
.. function:: defaults.bad_request(request, exception, template_name='400.html')
When a :exc:`~django.core.exceptions.SuspiciousOperation` is raised in Django,
it may be handled by a component of Django (for example resetting the session
data). If not specifically handled, Django will consider the current request a
'bad request' instead of a server error.
``django.views.defaults.bad_request``, is otherwise very similar to the
``server_error`` view, but returns with the status code 400 indicating that
the error condition was the result of a client operation. By default, nothing
related to the exception that triggered the view is passed to the template
context, as the exception message might contain sensitive information like
filesystem paths.
``bad_request`` views are also only used when :setting:`DEBUG` is ``False``.