From 3a70eb2ff6f5a7ed25b0f5dc0867578beb176a60 Mon Sep 17 00:00:00 2001 From: Bruno Alla Date: Tue, 9 Dec 2025 14:08:06 +0100 Subject: [PATCH] Style warnings using admonition (#9844) https://python-markdown.github.io/extensions/admonition/ --- docs/api-guide/authentication.md | 3 ++- docs/api-guide/renderers.md | 9 +++------ docs/api-guide/viewsets.md | 3 ++- docs_theme/css/default.css | 12 ++++++++++++ 4 files changed, 19 insertions(+), 8 deletions(-) diff --git a/docs/api-guide/authentication.md b/docs/api-guide/authentication.md index 2f4d42959..2014265cf 100644 --- a/docs/api-guide/authentication.md +++ b/docs/api-guide/authentication.md @@ -293,7 +293,8 @@ Unauthenticated responses that are denied permission will result in an `HTTP 403 If you're using an AJAX-style API with SessionAuthentication, you'll need to make sure you include a valid CSRF token for any "unsafe" HTTP method calls, such as `PUT`, `PATCH`, `POST` or `DELETE` requests. See the [Django CSRF documentation][csrf-ajax] for more details. -**Warning**: Always use Django's standard login view when creating login pages. This will ensure your login views are properly protected. +!!! warning + Always use Django's standard login view when creating login pages. This will ensure your login views are properly protected. CSRF validation in REST framework works slightly differently from standard Django due to the need to support both session and non-session based authentication to the same views. This means that only authenticated requests require CSRF tokens, and anonymous requests may be sent without CSRF tokens. This behavior is not suitable for login views, which should always have CSRF validation applied. diff --git a/docs/api-guide/renderers.md b/docs/api-guide/renderers.md index 2801c53da..a10eaa6ec 100644 --- a/docs/api-guide/renderers.md +++ b/docs/api-guide/renderers.md @@ -444,13 +444,10 @@ Modify your REST framework settings. [REST framework JSONP][rest-framework-jsonp] provides JSONP rendering support. It was previously included directly in the REST framework package, and is now instead supported as a third-party package. ---- +!!! warning + If you require cross-domain AJAX requests, you should generally be using the more modern approach of [CORS][cors] as an alternative to `JSONP`. See the [CORS documentation][cors-docs] for more details. -**Warning**: If you require cross-domain AJAX requests, you should generally be using the more modern approach of [CORS][cors] as an alternative to `JSONP`. See the [CORS documentation][cors-docs] for more details. - -The `jsonp` approach is essentially a browser hack, and is [only appropriate for globally readable API endpoints][jsonp-security], where `GET` requests are unauthenticated and do not require any user permissions. - ---- + The `jsonp` approach is essentially a browser hack, and is [only appropriate for globally readable API endpoints][jsonp-security], where `GET` requests are unauthenticated and do not require any user permissions. #### Installation & configuration diff --git a/docs/api-guide/viewsets.md b/docs/api-guide/viewsets.md index 08b3f5b10..6c818fbb7 100644 --- a/docs/api-guide/viewsets.md +++ b/docs/api-guide/viewsets.md @@ -57,7 +57,8 @@ Typically we wouldn't do this, but would instead register the viewset with a rou router.register(r'users', UserViewSet, basename='user') urlpatterns = router.urls -**Warning**: Do not use `.as_view()` with `@action` methods. It bypasses router setup and may ignore action settings like `permission_classes`. Use `DefaultRouter` for actions. +!!! warning + Do not use `.as_view()` with `@action` methods. It bypasses router setup and may ignore action settings like `permission_classes`. Use `DefaultRouter` for actions. Rather than writing your own viewsets, you'll often want to use the existing base classes that provide a default set of behavior. For example: diff --git a/docs_theme/css/default.css b/docs_theme/css/default.css index dfde26293..aa0016108 100644 --- a/docs_theme/css/default.css +++ b/docs_theme/css/default.css @@ -452,4 +452,16 @@ ul.sponsor { margin: 0 -.6rem 1em; padding: 0.4rem 0.6rem; } +.admonition.warning { + border: .075rem solid #ff9844; +} +.admonition.warning .admonition-title { + background: #ff98441a; +} +.admonition.danger { + border: .075rem solid #f63a3a; +} +.admonition.danger .admonition-title { + background: #f63a3a1a; +}