id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
35646	SafeExceptionReporterFilter should filter settings and headers such as HTTP_AUTHORIZATION	Natalia Bidart	Natalia Bidart	"Following a report from Carlos Pastor:

> `HTTP_AUTHORIZATION` is not filtered out by django.views.debug.SafeExceptionReporterFilter.get_safe_request_meta.
> [...] Many frameworks use this header to store the session tokens, including django-rest-framework when used with the TokenAuthentication class. The token will leak by the default AdminEmailHandler class, as it is stored in this header.

Considering that sensitive data filtering is implemented as a ""best effort solution"" and that is documented accordingly (see [https://docs.djangoproject.com/en/dev/howto/error-reporting/#filtering-error-reports docs]), this ticket aims to harden `SafeExceptionReporterFilter`."	Cleanup/optimization	closed	Error reporting	dev	Normal	fixed			Ready for checkin	1	0	0	0	0	0
