#23004: Cleanse entries from request.META in debug views
---------------------------------+-----------------------------------------
Reporter: Daniel Hahler | Owner: Daniel Maxson
Type: New feature | Status: assigned
Component: Error reporting | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
---------------------------------+-----------------------------------------
Description changed by Carlton Gibson:
Old description:
New description:
In the debug views `settings` is cleansed, which hides e.g. `SECRET_KEY`.
But a lot of sensible information might also be present / come from
`request.META`, e.g. in the form of `DJANGO_SECRET_KEY` or `DATABASE_URL`.
It might be sensible to apply a filter in `TECHNICAL_500_TEMPLATE` (source
code reference:
https://github.com/django/django/blob/master/django/views/debug.py#L972-977).
I see that this can be quite specific, but I think it would be sensible to
apply `HIDDEN_SETTINGS` to all entries starting with `DJANGO_` and have a
setting for additional entries, which might default to `DATABASE_URL` and
`SENTRY_DSN`.
--
--
Ticket URL: <https://code.djangoproject.com/ticket/23004#comment:28>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/065.f5620a745fa31c33e0269d3d944f72f0%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
