Built-in Views

Several of Django's built-in views are documented inWriting views as well as elsewhere in the documentation.

Serving files in development

  • static.serve(request, path, document_root, show_indexes=False)
  • There may be files other than your project's static assets that, forconvenience, you'd like to have Django serve for you in local development.The serve() view can be used to serve any directoryyou give it. (This view is not hardened for production use and should beused only as a development aid; you should serve these files in productionusing a real front-end web server).

The most likely example is user-uploaded content in MEDIA_ROOT.django.contrib.staticfiles is intended for static assets and has nobuilt-in handling for user-uploaded files, but you can have Django serve yourMEDIA_ROOT by appending something like this to your URLconf:

  1. from django.conf import settings
  2. from django.urls import re_path
  3. from django.views.static import serve
  4.  
  5. # ... the rest of your URLconf goes here ...
  6.  
  7. if settings.DEBUG:
  8. urlpatterns += [
  9. re_path(r'^media/(?P<path>.*)$', serve, {
  10. 'document_root': settings.MEDIA_ROOT,
  11. }),
  12. ]

Note, the snippet assumes your MEDIA_URL has a value of'/media/'. This will call the serve() view,passing in the path from the URLconf and the (required) document_rootparameter.

Since it can become a bit cumbersome to define this URL pattern, Djangoships with a small URL helper function static()that takes as parameters the prefix such as MEDIA_URL and a dottedpath to a view, such as 'django.views.static.serve'. Any other functionparameter will be transparently passed to the view.

Error views

Django comes with a few views by default for handling HTTP errors. To overridethese with your own custom views, see Customizing error views.

The 404 (page not found) view

  • defaults.pagenot_found(_request, exception, template_name='404.html')
  • When you raise Http404 from within a view, Django loads aspecial view devoted to handling 404 errors. By default, it's the viewdjango.views.defaults.page_not_found(), which either produces a verysimple "Not Found" message or loads and renders the template 404.html ifyou created it in your root template directory.

The default 404 view will pass two variables to the template: request_path,which is the URL that resulted in the error, and exception, which is auseful representation of the exception that triggered the view (e.g. containingany message passed to a specific Http404 instance).

Three things to note about 404 views:

  • The 404 view is also called if Django doesn't find a match afterchecking every regular expression in the URLconf.
  • The 404 view is passed a RequestContext andwill have access to variables supplied by your template contextprocessors (e.g. MEDIA_URL).
  • If DEBUG is set to True (in your settings module), thenyour 404 view will never be used, and your URLconf will be displayedinstead, with some debug information.

The 500 (server error) view

  • defaults.servererror(_request, template_name='500.html')
  • Similarly, Django executes special-case behavior in the case of runtime errorsin view code. If a view results in an exception, Django will, by default, callthe view django.views.defaults.server_error, which either produces a verysimple "Server Error" message or loads and renders the template 500.html ifyou created it in your root template directory.

The default 500 view passes no variables to the 500.html template and isrendered with an empty Context to lessen the chance of additional errors.

If DEBUG is set to True (in your settings module), thenyour 500 view will never be used, and the traceback will be displayedinstead, with some debug information.

The 403 (HTTP Forbidden) view

  • defaults.permissiondenied(_request, exception, template_name='403.html')
  • In the same vein as the 404 and 500 views, Django has a view to handle 403Forbidden errors. If a view results in a 403 exception then Django will, bydefault, call the view django.views.defaults.permission_denied.

This view loads and renders the template 403.html in your root templatedirectory, or if this file does not exist, instead serves the text"403 Forbidden", as per RFC 7231#section-6.5.3 (the HTTP 1.1 Specification).The template context contains exception, which is the stringrepresentation of the exception that triggered the view.

django.views.defaults.permission_denied is triggered by aPermissionDenied exception. To deny access in aview you can use code like this:

  1. from django.core.exceptions import PermissionDenied
  2.  
  3. def edit(request, pk):
  4. if not request.user.is_staff:
  5. raise PermissionDenied
  6. # ...

The 400 (bad request) view

  • defaults.badrequest(_request, exception, template_name='400.html')
  • When a SuspiciousOperation is raised in Django,it may be handled by a component of Django (for example resetting the sessiondata). If not specifically handled, Django will consider the current request a'bad request' instead of a server error.

django.views.defaults.bad_request, is otherwise very similar to theserver_error view, but returns with the status code 400 indicating thatthe error condition was the result of a client operation. By default, nothingrelated to the exception that triggered the view is passed to the templatecontext, as the exception message might contain sensitive information likefilesystem paths.

bad_request views are also only used when DEBUG is False.