[Django] #23004: Cleanse entries from request.META in debug views

[Django] #23004: Cleanse entries from request.META in debug views

Django
#23004: Cleanse entries from request.META in debug views
------------------------------+--------------------
     Reporter:  blueyed       |      Owner:  nobody
         Type:  New feature   |     Status:  new
    Component:  Core (Other)  |    Version:  master
     Severity:  Normal        |   Keywords:
 Triage Stage:  Unreviewed    |  Has patch:  0
Easy pickings:  0             |      UI/UX:  0
------------------------------+--------------------
 In the debug views `settings` is cleansed, which hides e.g. `SECRET_KEY`.

 But a lot of sensible information might also be present / come from
 `request.META`, e.g. in the form of `DJANGO_SECRET_KEY` or `DATABASE_URL`.

 It might be sensible to apply a filter in `TECHNICAL_500_TEMPLATE` (source
 code reference:
 https://github.com/django/django/blob/master/django/views/debug.py#L972-977).

 I see that this can be quite specific, but I think it would be sensible to
 apply `HIDDEN_SETTINGS` to all entries starting with `DJANGO_` and have a
 setting for additional entries, which might default to `DATABASE_URL` and
 `SENTRY_DSN`.

--
Ticket URL: <https://code.djangoproject.com/ticket/23004>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/050.af40aeaef1bb3f7a85c5cfcdde3adcd6%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #23004: Cleanse entries from request.META in debug views

Django
#23004: Cleanse entries from request.META in debug views
------------------------------+--------------------------------------
     Reporter:  blueyed       |                    Owner:  nobody
         Type:  New feature   |                   Status:  new
    Component:  Core (Other)  |                  Version:  master
     Severity:  Normal        |               Resolution:
     Keywords:                |             Triage Stage:  Unreviewed
    Has patch:  0             |      Needs documentation:  0
  Needs tests:  0             |  Patch needs improvement:  0
Easy pickings:  0             |                    UI/UX:  0
------------------------------+--------------------------------------
Changes (by blueyed):

 * needs_better_patch:   => 0
 * needs_tests:   => 0
 * needs_docs:   => 0


Comment:

 I have noticed that the environment variables do not appear to be present
 when using Django's test.Client / live_server.

 Shouldn't the test client's request.meta also include os.environ?

--
Ticket URL: <https://code.djangoproject.com/ticket/23004#comment:1>

Re: [Django] #23004: Cleanse entries from request.META in debug views

Django
In reply to this post by Django
#23004: Cleanse entries from request.META in debug views
------------------------------+------------------------------------
     Reporter:  blueyed       |                    Owner:  nobody
         Type:  New feature   |                   Status:  new
    Component:  Core (Other)  |                  Version:  master
     Severity:  Normal        |               Resolution:
     Keywords:                |             Triage Stage:  Accepted
    Has patch:  0             |      Needs documentation:  0
  Needs tests:  0             |  Patch needs improvement:  0
Easy pickings:  0             |                    UI/UX:  0
------------------------------+------------------------------------
Changes (by timo):

 * stage:  Unreviewed => Accepted


Comment:

 I would do something like move the `cleanse_setting()` function to a
 method on `ExceptionReporterFilter` and make things like `HIDDEN_SETTINGS`
 attributes. You could then easily override them in a subclass to avoid
 introducing more global settings.

 Regarding your comment, it's a separate issue but I don't think the test
 client should include `os.environ`.  You shouldn't rely on environment
 variables in your views.

--
Ticket URL: <https://code.djangoproject.com/ticket/23004#comment:2>

Re: [Django] #23004: Cleanse entries from request.META in debug views

Django
In reply to this post by Django
#23004: Cleanse entries from request.META in debug views
------------------------------+------------------------------------
     Reporter:  blueyed       |                    Owner:  nobody
         Type:  New feature   |                   Status:  new
    Component:  Core (Other)  |                  Version:  master
     Severity:  Normal        |               Resolution:
     Keywords:                |             Triage Stage:  Accepted
    Has patch:  0             |      Needs documentation:  0
  Needs tests:  0             |  Patch needs improvement:  0
Easy pickings:  0             |                    UI/UX:  0
------------------------------+------------------------------------

Comment (by blueyed):

 Just answering to the separate issue from the comment about `request.META`
 - I do not have time to provide a patch for this issue myself, but thanks
 for accepting it and outlining how it could be done!

 > Regarding your comment, it's a separate issue but I don't think the test
 > client should include os.environ. You shouldn't rely on environment
 > variables in your views.

 It's more that I want to test for e.g. `assert settings.SECRET_KEY not in
 response.content` (for a "500" page), and was surprised that
 `request.META` in the test client is different from runserver/uwsgi. I
 have created a new issue for it:
 https://code.djangoproject.com/ticket/23006

--
Ticket URL: <https://code.djangoproject.com/ticket/23004#comment:3>

Re: [Django] #23004: Cleanse entries from request.META in debug views

Django
In reply to this post by Django
#23004: Cleanse entries from request.META in debug views
------------------------------+------------------------------------
     Reporter:  blueyed       |                    Owner:  nobody
         Type:  New feature   |                   Status:  new
    Component:  Core (Other)  |                  Version:  master
     Severity:  Normal        |               Resolution:
     Keywords:                |             Triage Stage:  Accepted
    Has patch:  0             |      Needs documentation:  0
  Needs tests:  0             |  Patch needs improvement:  0
Easy pickings:  0             |                    UI/UX:  0
------------------------------+------------------------------------

Comment (by sthzg):

 I am interested in this topic and started experimenting with @timo's
 suggestions. I hope it is okay to put some questions here, because I am
 not completely sure about the scope of it and would be interested in your
 opinion.

 ---

 After reading through the code, the {{{cleanse_setting()}}} method seems
 to only be relevant to parsing values from the settings. Cleansing POST
 for example (which like META is part of the request instance) is done as
 part of {{{SafeExceptionReporterFilter}}}. What I am experimenting with is
 to provide similar behavior for request.META as there already is for POST.

 I implemented a  {{{get_meta_parameters()}}} on
 {{{SafeExceptionReporterFilter}}} that cleanses all values in META that
 match the {{{HIDDEN_SETTINGS}}} (that are now an attribute of
 {{{ExceptionReporterFilter}}}).


 {{{
 #!python
 def get_meta_parameters(self, request):
     """
     Replaces the values of META parameters that match defined patterns
     from HIDDEN_SETTINGS with stars (*********).
     """
     if request is None:
         return {}
     else:
         cleansed = request.META.copy()
         # Cleanse all values that match the regexp in HIDDEN_SETTINGS.
         for k, v in cleansed.items():
             if self.HIDDEN_SETTINGS.search(k):
                 cleansed[k] = CLEANSED_SUBSTITUTE
         return cleansed
 }}}

 Now my idea would be to extend the Context instance in
 {{{get_traceback_data()}}} to get a {{{filtered_META}}}, analogous to what
 it does to get the {{{filtered_POST}}}:

 {{{
 #!python
 c = {
     # ...
     'filtered_POST': self.filter.get_post_parameters(self.request),
     'filtered_META': self.filter.get_meta_parameters(self.request),
     # ...
 }
 }}}

 Then, if {{{filtered_META}}} is not empty, I thought about changing the
 {{{TECHNICAL_500_TEMPLATE}}} to loop over that.


 ----


 Before I go on I would be interested if this was still accepted in terms
 of behavior and scope or if a solution in that direction would be unlikely
 to make its way to core. If yes I would be happy trying to code it and
 backing it up by tests and then come back here to discuss the possible
 patch.

--
Ticket URL: <https://code.djangoproject.com/ticket/23004#comment:4>
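
The approach discussed in the thread up to this point, as an added stand-alone example that is not code from the ticket, the posts above or Django itself: key names are matched against a `HIDDEN_SETTINGS`-style pattern, exact names such as `DATABASE_URL` and `SENTRY_DSN` are listed as a class attribute that a subclass can override, and the rendered output is checked for leaked values. The class names, the pattern value, the substitute string, the extra header names and the sample data are assumptions made for the example.

```python
import re

# Stand-in for the constant used in the post above; the value is an
# assumption made for this example.
CLEANSED_SUBSTITUTE = "********************"


class MetaCleansingFilter:
    """Hypothetical filter that cleanses a request.META-style mapping."""

    # Key-name pattern playing the role of HIDDEN_SETTINGS (assumed value).
    HIDDEN_SETTINGS = re.compile(r"API|TOKEN|KEY|SECRET|PASS|SIGNATURE", re.IGNORECASE)
    # Exact names the pattern cannot catch; the ticket suggests these two.
    HIDDEN_META_NAMES = frozenset({"DATABASE_URL", "SENTRY_DSN"})

    def is_sensitive(self, key):
        return key in self.HIDDEN_META_NAMES or bool(self.HIDDEN_SETTINGS.search(key))

    def get_meta_parameters(self, meta):
        """Return a cleansed copy; the caller's mapping is never modified."""
        if meta is None:
            return {}
        return {
            key: CLEANSED_SUBSTITUTE if self.is_sensitive(key) else value
            for key, value in meta.items()
        }


class StrictMetaCleansingFilter(MetaCleansingFilter):
    """Overrides the attribute in a subclass instead of adding a global setting."""

    # Credential-bearing request headers: an assumption added for this
    # example, not a list taken from the ticket.
    HIDDEN_META_NAMES = MetaCleansingFilter.HIDDEN_META_NAMES | {
        "HTTP_AUTHORIZATION",
        "HTTP_COOKIE",
    }


def render_meta(meta):
    """Plain-text stand-in for the META table of a technical 500 page."""
    return "\n".join(f"{key} = {value}" for key, value in sorted(meta.items()))


def leaked_secrets(rendered, secrets):
    """Return the names of all secrets whose value still appears in the page."""
    return [name for name, value in secrets.items() if value in rendered]


# Constructed sample: WSGI request keys mixed with process environment
# variables, as a request handled by runserver/uwsgi would carry them.
SAMPLE_META = {
    "REQUEST_METHOD": "GET",
    "PATH_INFO": "/boom/",
    "HTTP_HOST": "example.test",
    "DJANGO_SECRET_KEY": "constructed-secret-key",
    "DATABASE_URL": "postgres://app:constructed-pw@db.example.test/app",
    "SENTRY_DSN": "https://constructed-dsn@sentry.example.test/1",
    "HTTP_AUTHORIZATION": "Bearer constructed-token",
    "HTTP_COOKIE": "sessionid=constructed-session",
}

# Values that must never show up in a rendered debug page.
SECRETS = {
    name: SAMPLE_META[name]
    for name in (
        "DJANGO_SECRET_KEY",
        "DATABASE_URL",
        "SENTRY_DSN",
        "HTTP_AUTHORIZATION",
        "HTTP_COOKIE",
    )
}


if __name__ == "__main__":
    for filter_class in (MetaCleansingFilter, StrictMetaCleansingFilter):
        page = render_meta(filter_class().get_meta_parameters(SAMPLE_META))
        print(filter_class.__name__, "leaks:", leaked_secrets(page, SECRETS))
```

The leak check is the same kind of assertion as the `settings.SECRET_KEY not in response.content` test mentioned in comment 3; it only means something when the request under test really carries the environment-derived keys.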

Re: [Django] #23004: Cleanse entries from request.META in debug views

Django
In reply to this post by Django
#23004: Cleanse entries from request.META in debug views
------------------------------+------------------------------------
     Reporter:  blueyed       |                    Owner:  nobody
         Type:  New feature   |                   Status:  new
    Component:  Core (Other)  |                  Version:  master
     Severity:  Normal        |               Resolution:
     Keywords:                |             Triage Stage:  Accepted
    Has patch:  0             |      Needs documentation:  0
  Needs tests:  0             |  Patch needs improvement:  0
Easy pickings:  0             |                    UI/UX:  0
------------------------------+------------------------------------

Comment (by blueyed):

 @sthzg
 Your proposed changes look good to me.

--
Ticket URL: <https://code.djangoproject.com/ticket/23004#comment:5>

Re: [Django] #23004: Cleanse entries from request.META in debug views

Django
In reply to this post by Django
#23004: Cleanse entries from request.META in debug views
------------------------------+------------------------------------
     Reporter:  blueyed       |                    Owner:  nobody
         Type:  New feature   |                   Status:  new
    Component:  Core (Other)  |                  Version:  master
     Severity:  Normal        |               Resolution:
     Keywords:                |             Triage Stage:  Accepted
    Has patch:  0             |      Needs documentation:  0
  Needs tests:  0             |  Patch needs improvement:  0
Easy pickings:  0             |                    UI/UX:  0
------------------------------+------------------------------------
Changes (by jrabbit):

 * cc: jrabbit (added)


--
Ticket URL: <https://code.djangoproject.com/ticket/23004#comment:6>

Re: [Django] #23004: Cleanse entries from request.META in debug views

Django
In reply to this post by Django
#23004: Cleanse entries from request.META in debug views
---------------------------------+------------------------------------
     Reporter:  blueyed          |                    Owner:  nobody
         Type:  New feature      |                   Status:  new
    Component:  Error reporting  |                  Version:  master
     Severity:  Normal           |               Resolution:
     Keywords:                   |             Triage Stage:  Accepted
    Has patch:  0                |      Needs documentation:  0
  Needs tests:  0                |  Patch needs improvement:  0
Easy pickings:  0                |                    UI/UX:  0
---------------------------------+------------------------------------
Changes (by timgraham):

 * component:  Core (Other) => Error reporting


--
Ticket URL: <https://code.djangoproject.com/ticket/23004#comment:7>

Re: [Django] #23004: Cleanse entries from request.META in debug views

Django
In reply to this post by Django
#23004: Cleanse entries from request.META in debug views
---------------------------------+------------------------------------
     Reporter:  blueyed          |                    Owner:  nobody
         Type:  New feature      |                   Status:  new
    Component:  Error reporting  |                  Version:  master
     Severity:  Normal           |               Resolution:
     Keywords:                   |             Triage Stage:  Accepted
    Has patch:  1                |      Needs documentation:  1
  Needs tests:  1                |  Patch needs improvement:  0
Easy pickings:  0                |                    UI/UX:  0
---------------------------------+------------------------------------
Changes (by timgraham):

 * needs_docs:  0 => 1
 * has_patch:  0 => 1
 * needs_tests:  0 => 1


Comment:

 [https://github.com/django/django/pull/6331 PR] (currently without tests
 and docs and probably developed independently of the discussion in this
 ticket).

--
Ticket URL: <https://code.djangoproject.com/ticket/23004#comment:8>

Re: [Django] #23004: Cleanse entries from request.META in debug views

Django
In reply to this post by Django
#23004: Cleanse entries from request.META in debug views
---------------------------------+----------------------------------------
     Reporter:  Daniel Hahler    |                    Owner:  Ryan Castner
         Type:  New feature      |                   Status:  assigned
    Component:  Error reporting  |                  Version:  master
     Severity:  Normal           |               Resolution:
     Keywords:                   |             Triage Stage:  Accepted
    Has patch:  1                |      Needs documentation:  1
  Needs tests:  1                |  Patch needs improvement:  0
Easy pickings:  0                |                    UI/UX:  0
---------------------------------+----------------------------------------
Changes (by Ryan Castner):

 * owner:  nobody => Ryan Castner
 * status:  new => assigned


--
Ticket URL: <https://code.djangoproject.com/ticket/23004#comment:9>

Re: [Django] #23004: Cleanse entries from request.META in debug views

Django
In reply to this post by Django
#23004: Cleanse entries from request.META in debug views
---------------------------------+----------------------------------------
     Reporter:  Daniel Hahler    |                    Owner:  Ryan Castner
         Type:  New feature      |                   Status:  assigned
    Component:  Error reporting  |                  Version:  master
     Severity:  Normal           |               Resolution:
     Keywords:                   |             Triage Stage:  Accepted
    Has patch:  1                |      Needs documentation:  0
  Needs tests:  0                |  Patch needs improvement:  1
Easy pickings:  0                |                    UI/UX:  0
---------------------------------+----------------------------------------
Changes (by Tim Graham):

 * needs_better_patch:  0 => 1
 * needs_tests:  1 => 0
 * needs_docs:  1 => 0


Comment:

 [https://github.com/django/django/pull/7996 PR] with comments for
 improvement.

--
Ticket URL: <https://code.djangoproject.com/ticket/23004#comment:10>

Re: [Django] #23004: Cleanse entries from request.META in debug views

Django
In reply to this post by Django
#23004: Cleanse entries from request.META in debug views
---------------------------------+----------------------------------------
     Reporter:  Daniel Hahler    |                    Owner:  Ryan Castner
         Type:  New feature      |                   Status:  assigned
    Component:  Error reporting  |                  Version:  master
     Severity:  Normal           |               Resolution:
     Keywords:                   |             Triage Stage:  Accepted
    Has patch:  1                |      Needs documentation:  0
  Needs tests:  0                |  Patch needs improvement:  0
Easy pickings:  0                |                    UI/UX:  0
---------------------------------+----------------------------------------
Changes (by Ryan Castner):

 * needs_better_patch:  1 => 0


Comment:

 Ok I made the updates you requested. Only thing I am unsure of is how I
 did the `.. versionchanged 2.0` annotation.

--
Ticket URL: <https://code.djangoproject.com/ticket/23004#comment:11>

Re: [Django] #23004: Cleanse entries from request.META in debug views

Django
In reply to this post by Django
#23004: Cleanse entries from request.META in debug views
---------------------------------+----------------------------------------
     Reporter:  Daniel Hahler    |                    Owner:  Ryan Castner
         Type:  New feature      |                   Status:  assigned
    Component:  Error reporting  |                  Version:  master
     Severity:  Normal           |               Resolution:
     Keywords:                   |             Triage Stage:  Accepted
    Has patch:  1                |      Needs documentation:  0
  Needs tests:  0                |  Patch needs improvement:  1
Easy pickings:  0                |                    UI/UX:  0
---------------------------------+----------------------------------------
Changes (by Tim Graham):

 * needs_better_patch:  0 => 1


--
Ticket URL: <https://code.djangoproject.com/ticket/23004#comment:12>

Re: [Django] #23004: Cleanse entries from request.META in debug views

Django
In reply to this post by Django
#23004: Cleanse entries from request.META in debug views
---------------------------------+------------------------------------
     Reporter:  Daniel Hahler    |                    Owner:  maxsond
         Type:  New feature      |                   Status:  assigned
    Component:  Error reporting  |                  Version:  master
     Severity:  Normal           |               Resolution:
     Keywords:                   |             Triage Stage:  Accepted
    Has patch:  1                |      Needs documentation:  0
  Needs tests:  0                |  Patch needs improvement:  1
Easy pickings:  0                |                    UI/UX:  0
---------------------------------+------------------------------------
Changes (by maxsond):

 * owner:  Ryan Castner => maxsond


--
Ticket URL: <https://code.djangoproject.com/ticket/23004#comment:13>

Re: [Django] #23004: Cleanse entries from request.META in debug views

Django
In reply to this post by Django
#23004: Cleanse entries from request.META in debug views
---------------------------------+------------------------------------
     Reporter:  Daniel Hahler    |                    Owner:  maxsond
         Type:  New feature      |                   Status:  assigned
    Component:  Error reporting  |                  Version:  master
     Severity:  Normal           |               Resolution:
     Keywords:                   |             Triage Stage:  Accepted
    Has patch:  1                |      Needs documentation:  0
  Needs tests:  0                |  Patch needs improvement:  0
Easy pickings:  0                |                    UI/UX:  0
---------------------------------+------------------------------------
Changes (by maxsond):

 * needs_better_patch:  1 => 0


Comment:

 [https://github.com/django/django/pull/10748 PR] updated for the current
 master branch and with a test for
 ExceptionReporterFilter.get_safe_request_meta.

--
Ticket URL: <https://code.djangoproject.com/ticket/23004#comment:14>

Re: [Django] #23004: Cleanse entries from request.META in debug views

Django
In reply to this post by Django
#23004: Cleanse entries from request.META in debug views
---------------------------------+-----------------------------------------
     Reporter:  Daniel Hahler    |                    Owner:  Daniel Maxson
         Type:  New feature      |                   Status:  assigned
    Component:  Error reporting  |                  Version:  master
     Severity:  Normal           |               Resolution:
     Keywords:                   |             Triage Stage:  Accepted
    Has patch:  1                |      Needs documentation:  0
  Needs tests:  0                |  Patch needs improvement:  1
Easy pickings:  0                |                    UI/UX:  0
---------------------------------+-----------------------------------------
Changes (by Carlton Gibson):

 * needs_better_patch:  0 => 1


--
Ticket URL: <https://code.djangoproject.com/ticket/23004#comment:15>

Re: [Django] #23004: Cleanse entries from request.META in debug views

Django
In reply to this post by Django
#23004: Cleanse entries from request.META in debug views
---------------------------------+-----------------------------------------
     Reporter:  Daniel Hahler    |                    Owner:  Daniel Maxson
         Type:  New feature      |                   Status:  assigned
    Component:  Error reporting  |                  Version:  master
     Severity:  Normal           |               Resolution:
     Keywords:                   |             Triage Stage:  Accepted
    Has patch:  1                |      Needs documentation:  0
  Needs tests:  0                |  Patch needs improvement:  0
Easy pickings:  0                |                    UI/UX:  0
---------------------------------+-----------------------------------------
Changes (by Carlton Gibson):

 * needs_better_patch:  1 => 0


Comment:

 There have been updates since last review. Unchecking PNI to put it back
 in the queue.

--
Ticket URL: <https://code.djangoproject.com/ticket/23004#comment:16>

Re: [Django] #23004: Cleanse entries from request.META in debug views

Django
In reply to this post by Django
#23004: Cleanse entries from request.META in debug views
-------------------------------------+-------------------------------------
     Reporter:  Daniel Hahler        |                    Owner:  Daniel
                                     |  Maxson
         Type:  New feature          |                   Status:  assigned
    Component:  Error reporting      |                  Version:  master
     Severity:  Normal               |               Resolution:
     Keywords:                       |             Triage Stage:  Ready for
                                     |  checkin
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Changes (by Oskar Haller):

 * stage:  Accepted => Ready for checkin


--
Ticket URL: <https://code.djangoproject.com/ticket/23004#comment:17>

Re: [Django] #23004: Cleanse entries from request.META in debug views

Django
In reply to this post by Django
#23004: Cleanse entries from request.META in debug views
-------------------------------------+-------------------------------------
     Reporter:  Daniel Hahler        |                    Owner:  Daniel
                                     |  Maxson
         Type:  New feature          |                   Status:  assigned
    Component:  Error reporting      |                  Version:  master
     Severity:  Normal               |               Resolution:
     Keywords:                       |             Triage Stage:  Ready for
                                     |  checkin
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Markus Holtermann):

 I'm not entirely sure we need that big of a change for this ticket,
 especially considering that this is a `DEBUG=True` page that should
 _never_ show up in production in the first place. I'd like to propose a
 significantly smaller PR instead:
 https://github.com/django/django/pull/11224

--
Ticket URL: <https://code.djangoproject.com/ticket/23004#comment:18>

Re: [Django] #23004: Cleanse entries from request.META in debug views

Django
In reply to this post by Django
#23004: Cleanse entries from request.META in debug views
---------------------------------+-----------------------------------------
     Reporter:  Daniel Hahler    |                    Owner:  Daniel Maxson
         Type:  New feature      |                   Status:  assigned
    Component:  Error reporting  |                  Version:  master
     Severity:  Normal           |               Resolution:
     Keywords:                   |             Triage Stage:  Accepted
    Has patch:  1                |      Needs documentation:  0
  Needs tests:  0                |  Patch needs improvement:  0
Easy pickings:  0                |                    UI/UX:  0
---------------------------------+-----------------------------------------
Changes (by Markus Holtermann):

 * stage:  Ready for checkin => Accepted


--
Ticket URL: <https://code.djangoproject.com/ticket/23004#comment:19>