Changes between Initial Version and Version 1 of Ticket #33090
- Timestamp:
- Sep 8, 2021, 8:54:40 AM (3 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #33090 – Description
initial v1 1 With the current implement of the `@sensitive_post_parameters` decorator, the request is not marked until the view is executed. This means that the filtering cannot be applied to reports generated by exceptions in the middleware.1 With the current implementation of the `@sensitive_post_parameters` decorator, the request is not marked until the view is executed. This means that the filtering cannot be applied to reports generated by exceptions in the middleware. 2 2 3 3 Filtering is always best-effort, and [https://docs.djangoproject.com/en/3.2/howto/error-reporting/#filtering-error-reports all the usual caveats apply] but discussion by the Django Security Team suggests that it would be feasible mark the request before processing the middleware, thus allowing the filtering in error reports even for middleware exceptions.