From e2d9d66a22f9004c0349f6aa9f8762fa558bdee8 Mon Sep 17 00:00:00 2001 From: Carlton Gibson Date: Thu, 9 Jan 2020 11:37:19 +0100 Subject: Fixed #23004 -- Added request.META filtering to SafeExceptionReporterFilter. Co-authored-by: Ryan Castner --- docs/howto/error-reporting.txt | 10 ++++++---- docs/releases/3.1.txt | 6 +++++- 2 files changed, 11 insertions(+), 5 deletions(-) (limited to 'docs') diff --git a/docs/howto/error-reporting.txt b/docs/howto/error-reporting.txt index a4cb5d2a1a..e145897b2a 100644 --- a/docs/howto/error-reporting.txt +++ b/docs/howto/error-reporting.txt @@ -277,8 +277,9 @@ following attributes and methods: .. versionadded:: 3.1 - A compiled regular expression object used to match settings considered - as sensitive. By default equivalent to:: + A compiled regular expression object used to match settings and + ``request.META`` values considered as sensitive. By default equivalent + to:: import re @@ -289,8 +290,9 @@ following attributes and methods: Returns ``True`` to activate the filtering in :meth:`get_post_parameters` and :meth:`get_traceback_frame_variables`. By default the filter is active if :setting:`DEBUG` is ``False``. Note - that sensitive settings are always filtered, as described in the - :setting:`DEBUG` documentation. + that sensitive ``request.META`` values are always filtered along with + sensitive setting values, as described in the :setting:`DEBUG` + documentation. .. method:: get_post_parameters(request) diff --git a/docs/releases/3.1.txt b/docs/releases/3.1.txt index 48df0a0d66..29e5e22314 100644 --- a/docs/releases/3.1.txt +++ b/docs/releases/3.1.txt @@ -161,9 +161,13 @@ Email Error Reporting ~~~~~~~~~~~~~~~ +* :class:`django.views.debug.SafeExceptionReporterFilter` now filters sensitive + values from ``request.META`` in exception reports. + * The new :attr:`.SafeExceptionReporterFilter.cleansed_substitute` and :attr:`.SafeExceptionReporterFilter.hidden_settings` attributes allow - customization of sensitive settings filtering in exception reports. + customization of sensitive settings and ``request.META`` filtering in + exception reports. * The technical 404 debug view now respects :setting:`DEFAULT_EXCEPTION_REPORTER_FILTER` when applying settings -- cgit v1.3