Changes between Initial Version and Version 1 of Ticket #36542, comment 8
- Timestamp:
- Mar 21, 2026, 9:00:59 AM (2 weeks ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #36542, comment 8
initial v1 3 3 - If `DEBUG` is `False`, both sensitive variables and sensitive post parameters are always cleaned/redacted from debug-reports. This holds, even when `include_html=True`. 4 4 - As far as I can tell, all of the built-in auth views are decorated with the appropriate `sensitive_post_parameters` decorators. 5 - The admin login views use the aforementioned built-in views for most of the heavy lifting, and so are protected to. (This is because even if the “top-level” view isn’t decorated, `sensitive_post_parameters` gets set on the request further down - which is all that matters).5 - The admin login/user views use the aforementioned built-in views for most of the heavy lifting, and so are protected to. (This is because even if the “top-level” view isn’t decorated, `sensitive_post_parameters` gets set on the request further down - which is all that matters). 6 6 - Most of the associated authentication functions are decorated with the appropriate sensitive_variables decorators. 7 7