Opened 5 years ago

Closed 5 years ago

#31380 closed New feature (fixed)

Deploy system check that DJANGO_ALLOW_ASYNC_UNSAFE is not set

Reported by: Adam Johnson Owned by: hashlash
Component: Core (System checks) Version: 3.0
Severity: Normal Keywords:
Cc: Andrew Godwin Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description

Django's async-safety feature disable itself if the environment variable DJANGO_ALLOW_ASYNC_UNSAFE is set to any value. This is useful for jupyter notebooks and similar, however it can lead to data loss in production.

I suggest a deploy-tagged system check that returns an error if it is set, to guard against it being used for production web traffic.

Attachments (1)

async-unsafe.diff (2.2 KB ) - added by hashlash 5 years ago.
Check DJANGO_ALLOW_ASYNC_UNSAFE on deployment implementation

Download all attachments as: .zip

Change History (14)

comment:1 by Carlton Gibson, 5 years ago

Triage Stage: UnreviewedAccepted

OK, a deployment (--deploy ) seems reasonable.

comment:2 by Andrew Godwin, 5 years ago

I concur that we need this!

comment:3 by Adam Johnson, 5 years ago

Anyone picking this up see previous system checks PR's for all the places to edit: https://github.com/django/django/pulls?q=is%3Apr+added+check+is%3Aclosed

by hashlash, 5 years ago

Attachment: async-unsafe.diff added

Check DJANGO_ALLOW_ASYNC_UNSAFE on deployment implementation

comment:4 by Adam Johnson, 5 years ago

@hashlash please make a PR on GitHub

Also I think the tag should be 'async', if we even need to add a tag.

Please also add documentation and release note.

in reply to:  4 comment:5 by hashlash, 5 years ago

Replying to Adam (Chainz) Johnson:

Also I think the tag should be 'async', if we even need to add a tag.

Something like this?

class Tags:
    ...
    async = 'async'
    ...

But async is a reserved word in Python. Or do you mean the string part only and leave the attribute as asyncio?

class Tags:
    ...
    asyncio = 'async'
    ...

comment:6 by Adam Johnson, 5 years ago

Forgot it's a reserved word.

I think we want to avoid 'asyncio' since that's a specific library, and in theory async stuff can move to other async libraries like curio / trio. Maybe 'asgi' is a better tag, since that's the target framework for django async stuff. Or we could use async_ = 'async' as the tag, acknowledging it's a reserved word.

in reply to:  6 comment:7 by hashlash, 5 years ago

Has patch: set
Needs documentation: set
Owner: changed from nobody to hashlash
Status: newassigned

Replying to Adam (Chainz) Johnson:

I think we want to avoid 'asyncio' since that's a specific library, and in theory async stuff can move to other async libraries like curio / trio. Maybe 'asgi' is a better tag, since that's the target framework for django async stuff. Or we could use async_ = 'async' as the tag, acknowledging it's a reserved word.

I'll take asgi and will make the PR. Tell if anybody has any thoughts about the naming

Version 0, edited 5 years ago by hashlash (next)

comment:8 by hashlash, 5 years ago

PR: https://github.com/django/django/pull/12596

Haven't submitted the documentation and release note yet. Will update soon

comment:9 by hashlash, 5 years ago

Needs documentation: unset

Updated in PR

Last edited 5 years ago by hashlash (previous) (diff)

comment:10 by Carlton Gibson, 5 years ago

Needs documentation: set

There's just a couple of docs comments on the PR. (Then this looks good to go.)

@hashlash: Please uncheck Needs documentation when done, to make sure we see it quickly.

Thanks!

comment:11 by hashlash, 5 years ago

Needs documentation: unset

Updated in PR

comment:12 by Mariusz Felisiak, 5 years ago

Component: UtilitiesCore (System checks)
Triage Stage: AcceptedReady for checkin

comment:13 by Mariusz Felisiak <felisiak.mariusz@…>, 5 years ago

Resolution: fixed
Status: assignedclosed

In 4a6f2b6:

Fixed #31380 -- Added deployment system check for DJANGO_ALLOW_ASYNC_UNSAFE environment variable.

Note: See TracTickets for help on using tickets.
Back to Top