Opened 10 years ago
Last modified 5 years ago
#23004 closed New feature
Cleanse entries from request.META in debug views — at Initial Version
| Reported by: | Daniel Hahler | Owned by: | nobody |
|---|---|---|---|
| Component: | Error reporting | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Jack Laxson | Triage Stage: | Accepted |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
In the debug views settings is cleansed, which hides e.g. SECRET_KEY.
But a lot of sensible information might also be present / come from request.META, e.g. in the form of DJANGO_SECRET_KEY or DATABASE_URL.
It might be sensible to apply a filter in TECHNICAL_500_TEMPLATE (source code reference: https://github.com/django/django/blob/master/django/views/debug.py#L972-977).
I see that this can be quite specific, but I think it would be sensible to apply HIDDEN_SETTINGS to all entries starting with DJANGO_ and have a setting for additional entries, which might default to DATABASE_URL and SENTRY_DSN.
Note:
See TracTickets
for help on using tickets.