Opened 2 years ago

Last modified 5 weeks ago

#21048 new Bug

Error page should not invoke callables passed through WSGI META structure

Reported by: ericbuehl Owned by: nobody
Component: Error reporting Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: no UI/UX: no

Description

WSGI servers such as Werkzeug pass callable methods that should NOT be called when the META structure is printed in places such as the debug response handler. http://werkzeug.pocoo.org/docs/serving/#shutting-down-the-server

When a Django view throws an error (with DEBUG=True) and is hosted by Werkzeug, it causes the server to silently shut down because the Django error page is blindly calling the shutdown method in order to pretty print the result for the error page.

I have included a pull request that I believe addresses this issue: https://github.com/django/django/pull/1546

Change History (7)

comment:1 Changed 2 years ago by ericbuehl

  • Easy pickings set
  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

comment:2 Changed 2 years ago by polmuz

  • Patch needs improvement set
  • Triage Stage changed from Unreviewed to Accepted

comment:3 Changed 2 years ago by ericbuehl

  • Easy pickings unset

Continuation from closed pull request:

There is concern about the performance of looping over the META dict for every request as the patch is currently implemented. As far as I can tell, pep 333 does not make any mention of semantics around passing of callables in the environ dictionary. I agree that this is a bit wonky for Werkzeug to be doing this, but it's unacceptable for Django to be blindly invoking that callable at any point. How about one of the following options:

a) iterate through the META structure only when DEBUG==True
b) delay iteration until we enter the debug handler view

My vote is for option b. Thoughts?

comment:4 Changed 22 months ago by aaugustin

#21345 reports a similar issue for settings.

comment:5 Changed 17 months ago by timo

  • Component changed from Uncategorized to Core (Other)

comment:6 Changed 5 weeks ago by timgraham

Yes, adding logic to the debug view as done in #21345 seems okay.

comment:7 Changed 5 weeks ago by timgraham

  • Component changed from Core (Other) to Error reporting
Note: See TracTickets for help on using tickets.
Back to Top