Changes between Initial Version and Version 20 of Ticket #23004


Ignore:
Timestamp:
Apr 13, 2019, 3:01:23 PM (6 years ago)
Author:
Ryan Castner
Comment:

I'm not entirely sure we need that big of a change for this ticket, especially considering that this is a DEBUG=True

That is sort of frustrating because this was my original PR

https://github.com/django/django/pull/7996/files

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #23004

    • Property Triage Stage UnreviewedAccepted
    • Property Cc Jack Laxson added
    • Property Component Core (Other)Error reporting
    • Property Has patch set
    • Property Owner changed from nobody to Daniel Maxson
    • Property Status newassigned

  • Ticket #23004 – Description

    initial v20  
    1 In the debug views `settings` is cleansed, which hides e.g. `SECRET_KEY`.
    2 
    3 But a lot of sensible information might also be present / come from `request.META`, e.g. in the form of `DJANGO_SECRET_KEY` or `DATABASE_URL`.
    4 
    5 It might be sensible to apply a filter in `TECHNICAL_500_TEMPLATE` (source code reference: https://github.com/django/django/blob/master/django/views/debug.py#L972-977).
    6 
    7 I see that this can be quite specific, but I think it would be sensible to apply `HIDDEN_SETTINGS` to all entries starting with `DJANGO_` and have a setting for additional entries, which might default to `DATABASE_URL` and `SENTRY_DSN`.
Back to Top