Opened 2 years ago

Last modified 3 months ago

#21048 new Bug

Error page should not invoke callables passed through WSGI META structure

Reported by: ericbuehl Owned by: nobody
Component: Error reporting Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: no UI/UX: no


WSGI servers such as Werkzeug pass callable methods that should NOT be called when the META structure is printed in places such as the debug response handler.

When a Django view throws an error (with DEBUG=True) and is hosted by Werkzeug, it causes the server to silently shut down because the Django error page is blindly calling the shutdown method in order to pretty print the result for the error page.

I have included a pull request that I believe addresses this issue:

Change History (7)

comment:1 Changed 2 years ago by ericbuehl

  • Easy pickings set
  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

comment:2 Changed 2 years ago by polmuz

  • Patch needs improvement set
  • Triage Stage changed from Unreviewed to Accepted

comment:3 Changed 2 years ago by ericbuehl

  • Easy pickings unset

Continuation from closed pull request:

There is concern about the performance of looping over the META dict for every request as the patch is currently implemented. As far as I can tell, pep 333 does not make any mention of semantics around passing of callables in the environ dictionary. I agree that this is a bit wonky for Werkzeug to be doing this, but it's unacceptable for Django to be blindly invoking that callable at any point. How about one of the following options:

a) iterate through the META structure only when DEBUG==True
b) delay iteration until we enter the debug handler view

My vote is for option b. Thoughts?

comment:4 Changed 2 years ago by aaugustin

#21345 reports a similar issue for settings.

comment:5 Changed 18 months ago by timo

  • Component changed from Uncategorized to Core (Other)

comment:6 Changed 3 months ago by timgraham

Yes, adding logic to the debug view as done in #21345 seems okay.

comment:7 Changed 3 months ago by timgraham

  • Component changed from Core (Other) to Error reporting
Note: See TracTickets for help on using tickets.
Back to Top