Merge branch 'main' into add-data-access-validation-tests

docs/api-guide/authentication.md

@@ -293,7 +293,8 @@ Unauthenticated responses that are denied permission will result in an `HTTP 403
 
 If you're using an AJAX-style API with SessionAuthentication, you'll need to make sure you include a valid CSRF token for any "unsafe" HTTP method calls, such as `PUT`, `PATCH`, `POST` or `DELETE` requests.  See the [Django CSRF documentation][csrf-ajax] for more details.
 
-**Warning**: Always use Django's standard login view when creating login pages. This will ensure your login views are properly protected.
+!!! warning
+    Always use Django's standard login view when creating login pages. This will ensure your login views are properly protected.
 
 CSRF validation in REST framework works slightly differently from standard Django due to the need to support both session and non-session based authentication to the same views. This means that only authenticated requests require CSRF tokens, and anonymous requests may be sent without CSRF tokens. This behavior is not suitable for login views, which should always have CSRF validation applied.
 

docs/api-guide/renderers.md

@@ -444,13 +444,10 @@ Modify your REST framework settings.
 
 [REST framework JSONP][rest-framework-jsonp] provides JSONP rendering support. It was previously included directly in the REST framework package, and is now instead supported as a third-party package.
 
----
+!!! warning
+    If you require cross-domain AJAX requests, you should generally be using the more modern approach of [CORS][cors] as an alternative to `JSONP`. See the [CORS documentation][cors-docs] for more details.
 
-**Warning**: If you require cross-domain AJAX requests, you should generally be using the more modern approach of [CORS][cors] as an alternative to `JSONP`. See the [CORS documentation][cors-docs] for more details.
-
-The `jsonp` approach is essentially a browser hack, and is [only appropriate for globally readable API endpoints][jsonp-security], where `GET` requests are unauthenticated and do not require any user permissions.
-
----
+    The `jsonp` approach is essentially a browser hack, and is [only appropriate for globally readable API endpoints][jsonp-security], where `GET` requests are unauthenticated and do not require any user permissions.
 
 #### Installation & configuration
 

docs/api-guide/viewsets.md

@@ -57,7 +57,8 @@ Typically we wouldn't do this, but would instead register the viewset with a rou
     router.register(r'users', UserViewSet, basename='user')
     urlpatterns = router.urls
 
-**Warning**: Do not use `.as_view()` with `@action` methods. It bypasses router setup and may ignore action settings like `permission_classes`. Use `DefaultRouter` for actions.
+!!! warning
+    Do not use `.as_view()` with `@action` methods. It bypasses router setup and may ignore action settings like `permission_classes`. Use `DefaultRouter` for actions.
 
 Rather than writing your own viewsets, you'll often want to use the existing base classes that provide a default set of behavior.  For example:
 

docs_theme/css/default.css

@@ -452,4 +452,16 @@ ul.sponsor {
   margin:  0 -.6rem 1em;
   padding: 0.4rem 0.6rem;
 }
+.admonition.warning {
+  border: .075rem solid #ff9844;
+}
+.admonition.warning .admonition-title {
+  background: #ff98441a;
+}
+.admonition.danger {
+  border: .075rem solid #f63a3a;
+}
+.admonition.danger .admonition-title {
+  background: #f63a3a1a;
+}