django/docs/ref/views.txt

==============
Built-in Views
==============

.. module:: django.views
   :synopsis: Django's built-in views.

Several of Django's built-in views are documented in
:doc:`/topics/http/views` as well as elsewhere in the documentation.

Serving files in development
============================

.. function:: static.serve(request, path, document_root, show_indexes=False)

There may be files other than your project's static assets that, for
convenience, you'd like to have Django serve for you in local development.
The :func:`~django.views.static.serve` view can be used to serve any directory
you give it. (This view is **not** hardened for production use and should be
used only as a development aid; you should serve these files in production
using a real front-end web server).

The most likely example is user-uploaded content in :setting:`MEDIA_ROOT`.
``django.contrib.staticfiles`` is intended for static assets and has no
built-in handling for user-uploaded files, but you can have Django serve your
:setting:`MEDIA_ROOT` by appending something like this to your URLconf::

    from django.conf import settings
    from django.urls import re_path
    from django.views.static import serve

    # ... the rest of your URLconf goes here ...

    if settings.DEBUG:
        urlpatterns += [
            re_path(
                r"^media/(?P<path>.*)$",
                serve,
                {
                    "document_root": settings.MEDIA_ROOT,
                },
            ),
        ]

Note, the snippet assumes your :setting:`MEDIA_URL` has a value of
``'media/'``. This will call the :func:`~django.views.static.serve` view,
passing in the path from the URLconf and the (required) ``document_root``
parameter.

Since it can become a bit cumbersome to define this URL pattern, Django
ships with a small URL helper function :func:`~django.conf.urls.static.static`
that takes as parameters the prefix such as :setting:`MEDIA_URL` and a dotted
path to a view, such as ``'django.views.static.serve'``. Any other function
parameter will be transparently passed to the view.

.. _error-views:

Error views
===========

Django comes with a few views by default for handling HTTP errors. To override
these with your own custom views, see :ref:`customizing-error-views`.

.. _http_not_found_view:

The 404 (page not found) view
-----------------------------

.. function:: defaults.page_not_found(request, exception, template_name='404.html')

When you raise :exc:`~django.http.Http404` from within a view, Django loads a
special view devoted to handling 404 errors. By default, it's the view
:func:`django.views.defaults.page_not_found`, which either produces a "Not
Found" message or loads and renders the template ``404.html`` if you created it
in your root template directory.

The default 404 view will pass two variables to the template: ``request_path``,
which is the URL that resulted in the error, and ``exception``, which is a
useful representation of the exception that triggered the view (e.g. containing
any message passed to a specific ``Http404`` instance).

Three things to note about 404 views:

* The 404 view is also called if Django doesn't find a match after
  checking every regular expression in the URLconf.

* The 404 view is passed a :class:`~django.template.RequestContext` and
  will have access to variables supplied by your template context
  processors (e.g. ``MEDIA_URL``).

* If :setting:`DEBUG` is set to ``True`` (in your settings module), then
  your 404 view will never be used, and your URLconf will be displayed
  instead, with some debug information.

.. _http_internal_server_error_view:

The 500 (server error) view
---------------------------

.. function:: defaults.server_error(request, template_name='500.html')

Similarly, Django executes special-case behavior in the case of runtime errors
in view code. If a view results in an exception, Django will, by default, call
the view ``django.views.defaults.server_error``, which either produces a
"Server Error" message or loads and renders the template ``500.html`` if you
created it in your root template directory.

The default 500 view passes no variables to the ``500.html`` template and is
rendered with an empty ``Context`` to lessen the chance of additional errors.

If :setting:`DEBUG` is set to ``True`` (in your settings module), then
your 500 view will never be used, and the traceback will be displayed
instead, with some debug information.

.. _http_forbidden_view:

The 403 (HTTP Forbidden) view
-----------------------------

.. function:: defaults.permission_denied(request, exception, template_name='403.html')

In the same vein as the 404 and 500 views, Django has a view to handle 403
Forbidden errors. If a view results in a 403 exception then Django will, by
default, call the view ``django.views.defaults.permission_denied``.

This view loads and renders the template ``403.html`` in your root template
directory, or if this file does not exist, instead serves the text
"403 Forbidden", as per :rfc:`9110#section-15.5.4` (the HTTP 1.1
Specification). The template context contains ``exception``, which is the
string representation of the exception that triggered the view.

``django.views.defaults.permission_denied`` is triggered by a
:exc:`~django.core.exceptions.PermissionDenied` exception. To deny access in a
view you can use code like this::

    from django.core.exceptions import PermissionDenied


    def edit(request, pk):
        if not request.user.is_staff:
            raise PermissionDenied
        # ...

.. _http_bad_request_view:

The 400 (bad request) view
--------------------------

.. function:: defaults.bad_request(request, exception, template_name='400.html')

When a :exc:`~django.core.exceptions.SuspiciousOperation` is raised in Django,
it may be handled by a component of Django (for example resetting the session
data). If not specifically handled, Django will consider the current request a
'bad request' instead of a server error.

``django.views.defaults.bad_request``, is otherwise very similar to the
``server_error`` view, but returns with the status code 400 indicating that
the error condition was the result of a client operation. By default, nothing
related to the exception that triggered the view is passed to the template
context, as the exception message might contain sensitive information like
filesystem paths.

``bad_request`` views are also only used when :setting:`DEBUG` is ``False``.