#23004: Cleanse entries from request.META in debug views
------------------------------+--------------------
Reporter: blueyed | Owner: nobody
Type: New feature | Status: new
Component: Core (Other) | Version: master
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+--------------------
In the debug views `settings` is cleansed, which hides e.g. `SECRET_KEY`.
But a lot of sensible information might also be present / come from
`request.META`, e.g. in the form of `DJANGO_SECRET_KEY` or `DATABASE_URL`.
It might be sensible to apply a filter in `TECHNICAL_500_TEMPLATE` (source
code reference:
https://github.com/django/django/blob/master/django/views/debug.py#L972-977).
I see that this can be quite specific, but I think it would be sensible to
apply `HIDDEN_SETTINGS` to all entries starting with `DJANGO_` and have a
setting for additional entries, which might default to `DATABASE_URL` and
`SENTRY_DSN`.
--
Ticket URL: <https://code.djangoproject.com/ticket/23004>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/050.af40aeaef1bb3f7a85c5cfcdde3adcd6%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
