From 350455b666a289d336fca770578887ce51f1aebe Mon Sep 17 00:00:00 2001 From: Tobias Bengfort Date: Wed, 26 Oct 2022 12:30:44 +0200 Subject: Fixed #33606 -- Cleansed sessionid cookie in error reports. Co-authored-by: Simon Charette --- docs/howto/error-reporting.txt | 6 +++++- docs/releases/4.2.txt | 3 +++ 2 files changed, 8 insertions(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/howto/error-reporting.txt b/docs/howto/error-reporting.txt index 6cd69d5857..b808a0a981 100644 --- a/docs/howto/error-reporting.txt +++ b/docs/howto/error-reporting.txt @@ -281,7 +281,11 @@ following attributes and methods: import re - re.compile(r'API|TOKEN|KEY|SECRET|PASS|SIGNATURE', flags=re.IGNORECASE) + re.compile(r'API|TOKEN|KEY|SECRET|PASS|SIGNATURE|HTTP_COOKIE', flags=re.IGNORECASE) + + .. versionchanged:: 4.2 + + ``HTTP_COOKIE`` was added. .. method:: is_active(request) diff --git a/docs/releases/4.2.txt b/docs/releases/4.2.txt index 9c6526a3a0..58e4bd12ac 100644 --- a/docs/releases/4.2.txt +++ b/docs/releases/4.2.txt @@ -176,6 +176,9 @@ Forms * :func:`~django.forms.models.modelform_factory` now respects the ``formfield_callback`` attribute of the ``form``’s ``Meta``. +* Session cookies are now treated as credentials and therefore hidden and + replaced with stars (``**********``) in error reports. + Generic Views ~~~~~~~~~~~~~ -- cgit v1.3