From b3cffde5559c4fa97625512d7ec41a674be26076 Mon Sep 17 00:00:00 2001 From: Jon Dufresne Date: Fri, 13 Apr 2018 13:18:53 -0700 Subject: Fixed #29324 -- Made Settings raise ImproperlyConfigured if SECRET_KEY is accessed and not set. --- docs/ref/settings.txt | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index 3647e60663..635cadc848 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -2074,7 +2074,7 @@ object. See :ref:`how-django-processes-a-request` for details. ``SECRET_KEY`` -------------- -Default: ``''`` (Empty string) +Default: Not defined A secret key for a particular Django installation. This is used to provide :doc:`cryptographic signing `, and should be set to a unique, @@ -2087,7 +2087,9 @@ Uses of the key shouldn't assume that it's text or bytes. Every use should go through :func:`~django.utils.encoding.force_text` or :func:`~django.utils.encoding.force_bytes` to convert it to the desired type. -Django will refuse to start if :setting:`SECRET_KEY` is not set. +Django will refuse to start if :setting:`SECRET_KEY` is set to an empty value. +:class:`~django.core.exceptions.ImproperlyConfigured` is raised if +``SECRET_KEY`` is accessed but not set. .. warning:: @@ -2120,6 +2122,10 @@ affect them. startproject ` creates a unique ``SECRET_KEY`` for convenience. +.. versionchanged:: 2.1 + + In older versions, ``SECRET_KEY`` defaults to an empty string. + .. setting:: SECURE_BROWSER_XSS_FILTER ``SECURE_BROWSER_XSS_FILTER`` -- cgit v1.3