Cleanse entries from request.META in debug views
|Reported by:||Daniel Hahler||Owned by:||nobody|
|Cc:||Jack Laxson||Triage Stage:||Accepted|
|Has patch:||yes||Needs documentation:||yes|
|Needs tests:||yes||Patch needs improvement:||no|
In the debug views
settings is cleansed, which hides e.g.
But a lot of sensible information might also be present / come from
request.META, e.g. in the form of
It might be sensible to apply a filter in
TECHNICAL_500_TEMPLATE (source code reference: https://github.com/django/django/blob/master/django/views/debug.py#L972-977).
I see that this can be quite specific, but I think it would be sensible to apply
HIDDEN_SETTINGS to all entries starting with
DJANGO_ and have a setting for additional entries, which might default to