#23004: Cleanse entries from request.META in debug views
---------------------------------+-----------------------------------------
Reporter: Daniel Hahler | Owner: Daniel Maxson
Type: New feature | Status: assigned
Component: Error reporting | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
---------------------------------+-----------------------------------------
Description changed by Carlton Gibson:
Old description:
New description:
In the debug views `settings` is cleansed, which hides e.g. `SECRET_KEY`.
But a lot of sensible information might also be present / come from
`request.META`, e.g. in the form of `DJANGO_SECRET_KEY` or `DATABASE_URL`.
It might be sensible to apply a filter in `TECHNICAL_500_TEMPLATE` (source
code reference:
https://github.com/django/django/blob/master/django/views/debug.py#L972-977).
I see that this can be quite specific, but I think it would be sensible to
apply `HIDDEN_SETTINGS` to all entries starting with `DJANGO_` and have a
setting for additional entries, which might default to `DATABASE_URL` and
`SENTRY_DSN`.
--
--
Ticket URL: <https://code.djangoproject.com/ticket/23004#comment:28>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/065.f5620a745fa31c33e0269d3d944f72f0%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
