Empty settings.SECRET_KEY should raise an error
|Reported by:||PaulM||Owned by:||nobody|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
Django does not complain if the SECRET_KEY is left to the default value. It should at least raise a warning, and (imho) should really raise an error.
If we do allow Django to run with an empty secret key, we should raise an error if an attempt is made to use cookie-based sessions.
Change History (9)
Changed 2 years ago by aaugustin
comment:2 Changed 2 years ago by aaugustin
- Resolution set to fixed
- Status changed from new to closed