2021-07-13 07:25:37 +00:00
|
|
|
|
=============================
|
|
|
|
|
How to manage error reporting
|
|
|
|
|
=============================
|
2008-08-23 22:25:40 +00:00
|
|
|
|
|
|
|
|
|
When you're running a public site you should always turn off the
|
|
|
|
|
:setting:`DEBUG` setting. That will make your server run much faster, and will
|
|
|
|
|
also prevent malicious users from seeing details of your application that can be
|
|
|
|
|
revealed by the error pages.
|
|
|
|
|
|
|
|
|
|
However, running with :setting:`DEBUG` set to ``False`` means you'll never see
|
2019-06-17 14:54:55 +00:00
|
|
|
|
errors generated by your site -- everyone will instead see your public error
|
|
|
|
|
pages. You need to keep track of errors that occur in deployed sites, so Django
|
|
|
|
|
can be configured to create reports with details about those errors.
|
2008-08-23 22:25:40 +00:00
|
|
|
|
|
2011-06-08 22:18:46 +00:00
|
|
|
|
Email reports
|
2016-01-03 10:56:22 +00:00
|
|
|
|
=============
|
2008-08-23 22:25:40 +00:00
|
|
|
|
|
2011-06-08 22:18:46 +00:00
|
|
|
|
Server errors
|
2016-01-03 10:56:22 +00:00
|
|
|
|
-------------
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
2011-04-01 16:10:22 +00:00
|
|
|
|
When :setting:`DEBUG` is ``False``, Django will email the users listed in the
|
2010-03-11 09:33:49 +00:00
|
|
|
|
:setting:`ADMINS` setting whenever your code raises an unhandled exception and
|
2019-10-09 07:29:46 +00:00
|
|
|
|
results in an internal server error (strictly speaking, for any response with
|
|
|
|
|
an HTTP status code of 500 or greater). This gives the administrators immediate
|
|
|
|
|
notification of any errors. The :setting:`ADMINS` will get a description of the
|
|
|
|
|
error, a complete Python traceback, and details about the HTTP request that
|
|
|
|
|
caused the error.
|
2008-08-23 22:25:40 +00:00
|
|
|
|
|
2010-03-06 11:20:50 +00:00
|
|
|
|
.. note::
|
|
|
|
|
|
2011-04-01 16:10:22 +00:00
|
|
|
|
In order to send email, Django requires a few settings telling it
|
2010-03-06 11:20:50 +00:00
|
|
|
|
how to connect to your mail server. At the very least, you'll need
|
|
|
|
|
to specify :setting:`EMAIL_HOST` and possibly
|
|
|
|
|
:setting:`EMAIL_HOST_USER` and :setting:`EMAIL_HOST_PASSWORD`,
|
|
|
|
|
though other settings may be also required depending on your mail
|
2010-08-19 19:27:44 +00:00
|
|
|
|
server's configuration. Consult :doc:`the Django settings
|
|
|
|
|
documentation </ref/settings>` for a full list of email-related
|
2010-03-06 11:20:50 +00:00
|
|
|
|
settings.
|
|
|
|
|
|
2011-04-01 16:10:22 +00:00
|
|
|
|
By default, Django will send email from root@localhost. However, some mail
|
|
|
|
|
providers reject all email from this address. To use a different sender
|
2009-07-11 15:37:38 +00:00
|
|
|
|
address, modify the :setting:`SERVER_EMAIL` setting.
|
|
|
|
|
|
Simplified default project template.
Squashed commit of:
commit 508ec9144b35c50794708225b496bde1eb5e60aa
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Tue Jan 29 22:50:55 2013 +0100
Tweaked default settings file.
* Explained why BASE_DIR exists.
* Added a link to the database configuration options, and put it in its
own section.
* Moved sensitive settings that must be changed for production at the
top.
commit 6515fd2f1aa73a86dc8dbd2ccf512ddb6b140d57
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Tue Jan 29 14:35:21 2013 +0100
Documented the simplified app & project templates in the changelog.
commit 2c5b576c2ea91d84273a019b3d0b3b8b4da72f23
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Tue Jan 29 13:59:27 2013 +0100
Minor fixes in tutorials 5 and 6.
commit 55a51531be8104f21b3cca3f6bf70b0a7139a041
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Tue Jan 29 13:51:11 2013 +0100
Updated tutorial 2 for the new project template.
commit 29ddae87bdaecff12dd31b16b000c01efbde9e20
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Tue Jan 29 11:58:54 2013 +0100
Updated tutorial 1 for the new project template.
commit 0ecb9f6e2514cfd26a678a280d471433375101a3
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Tue Jan 29 11:29:13 2013 +0100
Adjusted the default URLconf detection to account for the admin.
It's now enabled by default.
commit 5fb4da0d3d09dac28dd94e3fde92b9d4335c0565
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Tue Jan 29 10:36:55 2013 +0100
Added security warnings for the most sensitive settings.
commit 718d84bd8ac4a42fb4b28ec93965de32680f091e
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Mon Jan 28 23:24:06 2013 +0100
Used an absolute path for the SQLite database.
This ensures the settings file works regardless of which directory
django-admin.py / manage.py is invoked from.
BASE_DIR got a +1 from a BDFL and another core dev. It doesn't involve
the concept of a "Django project"; it's just a convenient way to express
relative paths within the source code repository for non-Python files.
Thanks Jacob Kaplan-Moss for the suggestion.
commit 1b559b4bcda622e10909b68fe5cab90db6727dd9
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Mon Jan 28 23:22:40 2013 +0100
Removed STATIC_ROOT from the default settings template.
It isn't necessary in development, and it confuses beginners to no end.
Thanks Carl Meyer for the suggestion.
commit a55f141a500bb7c9a1bc259bbe1954c13b199671
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Mon Jan 28 23:21:43 2013 +0100
Removed MEDIA_ROOT/URL from default settings template.
Many sites will never deal with user-uploaded files, and MEDIA_ROOT is
complicated to explain.
Thanks Carl Meyer for the suggestion.
commit 44bf2f2441420fd9429ee9fe1f7207f92dd87e70
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Mon Jan 28 22:22:09 2013 +0100
Removed logging config.
This configuration is applied regardless of the value of LOGGING;
duplicating it in LOGGING is confusing.
commit eac747e848eaed65fd5f6f254f0a7559d856f88f
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Mon Jan 28 22:05:31 2013 +0100
Enabled the locale middleware by default.
USE_I18N is True by default, and doesn't work well without
LocaleMiddleware.
commit d806c62b2d00826dc2688c84b092627b8d571cab
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Mon Jan 28 22:03:16 2013 +0100
Enabled clickjacking protection by default.
commit 99152c30e6a15003f0b6737dc78e87adf462aacb
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Mon Jan 28 22:01:48 2013 +0100
Reorganized settings in logical sections, and trimmed comments.
commit d37ffdfcb24b7e0ec7cc113d07190f65fb12fb8a
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Mon Jan 28 16:54:11 2013 +0100
Avoided misleading TEMPLATE_DEBUG = DEBUG.
According to the docs TEMPLATE_DEBUG works only when DEBUG = True.
commit 15d9478d3a9850e85841e7cf09cf83050371c6bf
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Mon Jan 28 16:46:25 2013 +0100
Removed STATICFILES_FINDERS/TEMPLATE_LOADERS from default settings file.
Only developers with special needs ever need to change these settings.
commit 574da0eb5bfb4570883756914b4dbd7e20e1f61e
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Mon Jan 28 16:45:01 2013 +0100
Removed STATICFILES/TEMPLATES_DIRS from default settings file.
The current best practice is to put static files and templates in
applications, for easier testing and deployment.
commit 8cb18dbe56629aa1be74718a07e7cc66b4f9c9f0
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Mon Jan 28 16:24:16 2013 +0100
Removed settings related to email reporting from default settings file.
While handy for small scale projects, it isn't exactly a best practice.
commit 8ecbfcb3638058f0c49922540f874a7d802d864f
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Tue Jan 29 18:54:43 2013 +0100
Documented how to enable the sites framework.
commit 23fc91a6fa67d91ddd9d71b1c3e0dc26bdad9841
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Mon Jan 28 16:28:59 2013 +0100
Disabled the sites framework by default.
RequestSite does the job for single-domain websites.
commit c4d82eb8afc0eb8568bf9c4d12644272415e3960
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Tue Jan 29 00:08:33 2013 +0100
Added a default admin.py to the application template.
Thanks Ryan D Hiebert for the suggestion.
commit 4071dc771e5c44b1c5ebb9beecefb164ae465e22
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Mon Jan 28 10:59:49 2013 +0100
Enabled the admin by default.
Everyone uses the admin.
commit c807a31f8d89e7e7fd97380e3023f7983a8b6fcb
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Mon Jan 28 10:57:05 2013 +0100
Removed admindocs from default project template.
commit 09e4ce0e652a97da1a9e285046a91c8ad7a9189c
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Mon Jan 28 16:32:52 2013 +0100
Added links to the settings documentation.
commit 5b8f5eaef364eb790fcde6f9e86f7d266074cca8
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Mon Jan 28 11:06:54 2013 +0100
Used a significant example for URLconf includes.
commit 908e91d6fcee2a3cb51ca26ecdf12a6a24e69ef8
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Mon Jan 28 16:22:31 2013 +0100
Moved code comments about WSGI to docs, and rewrote said docs.
commit 50417e51996146f891d08ca8b74dcc736a581932
Author: Aymeric Augustin <aymeric.augustin@m4x.org>
Date: Mon Jan 28 15:51:50 2013 +0100
Normalized the default application template.
Removed the default test that 1 + 1 = 2, because it's been committed
way too many times, in too many projects.
Added an import of `render` for views, because the first view will
often be:
def home(request):
return render(request, "mysite/home.html")
2013-01-28 14:51:50 +00:00
|
|
|
|
To activate this behavior, put the email addresses of the recipients in the
|
|
|
|
|
:setting:`ADMINS` setting.
|
2008-08-23 22:25:40 +00:00
|
|
|
|
|
2010-11-16 14:00:38 +00:00
|
|
|
|
.. seealso::
|
|
|
|
|
|
2014-10-30 05:46:16 +00:00
|
|
|
|
Server error emails are sent using the logging framework, so you can
|
|
|
|
|
customize this behavior by :doc:`customizing your logging configuration
|
|
|
|
|
</topics/logging>`.
|
2010-11-16 14:00:38 +00:00
|
|
|
|
|
2008-08-23 22:25:40 +00:00
|
|
|
|
404 errors
|
2016-01-03 10:56:22 +00:00
|
|
|
|
----------
|
2008-08-23 22:25:40 +00:00
|
|
|
|
|
2011-04-01 16:10:22 +00:00
|
|
|
|
Django can also be configured to email errors about broken links (404 "page
|
|
|
|
|
not found" errors). Django sends emails about 404 errors when:
|
2008-08-23 22:25:40 +00:00
|
|
|
|
|
2013-01-01 21:28:48 +00:00
|
|
|
|
* :setting:`DEBUG` is ``False``;
|
2009-07-11 15:37:38 +00:00
|
|
|
|
|
2015-11-07 15:12:37 +00:00
|
|
|
|
* Your :setting:`MIDDLEWARE` setting includes
|
2013-01-01 21:28:48 +00:00
|
|
|
|
:class:`django.middleware.common.BrokenLinkEmailsMiddleware`.
|
2009-07-11 15:37:38 +00:00
|
|
|
|
|
2011-04-01 16:10:22 +00:00
|
|
|
|
If those conditions are met, Django will email the users listed in the
|
2008-08-23 22:25:40 +00:00
|
|
|
|
:setting:`MANAGERS` setting whenever your code raises a 404 and the request has
|
2015-08-23 18:54:15 +00:00
|
|
|
|
a referer. It doesn't bother to email for 404s that don't have a referer --
|
2021-07-23 06:48:16 +00:00
|
|
|
|
those are usually people typing in broken URLs or broken web bots. It also
|
2015-08-23 18:54:15 +00:00
|
|
|
|
ignores 404s when the referer is equal to the requested URL, since this
|
2021-07-23 06:48:16 +00:00
|
|
|
|
behavior is from broken web bots too.
|
2008-08-23 22:25:40 +00:00
|
|
|
|
|
2013-01-01 21:28:48 +00:00
|
|
|
|
.. note::
|
|
|
|
|
|
|
|
|
|
:class:`~django.middleware.common.BrokenLinkEmailsMiddleware` must appear
|
|
|
|
|
before other middleware that intercepts 404 errors, such as
|
|
|
|
|
:class:`~django.middleware.locale.LocaleMiddleware` or
|
|
|
|
|
:class:`~django.contrib.flatpages.middleware.FlatpageFallbackMiddleware`.
|
2021-07-30 18:34:50 +00:00
|
|
|
|
Put it toward the top of your :setting:`MIDDLEWARE` setting.
|
2013-01-01 21:28:48 +00:00
|
|
|
|
|
2008-08-23 22:25:40 +00:00
|
|
|
|
You can tell Django to stop reporting particular 404s by tweaking the
|
2015-01-21 16:55:57 +00:00
|
|
|
|
:setting:`IGNORABLE_404_URLS` setting. It should be a list of compiled
|
2011-05-05 20:49:26 +00:00
|
|
|
|
regular expression objects. For example::
|
2008-08-23 22:25:40 +00:00
|
|
|
|
|
2011-05-05 20:49:26 +00:00
|
|
|
|
import re
|
2015-01-21 16:55:57 +00:00
|
|
|
|
IGNORABLE_404_URLS = [
|
2011-05-05 20:49:26 +00:00
|
|
|
|
re.compile(r'\.(php|cgi)$'),
|
|
|
|
|
re.compile(r'^/phpmyadmin/'),
|
2015-01-21 16:55:57 +00:00
|
|
|
|
]
|
2008-08-23 22:25:40 +00:00
|
|
|
|
|
|
|
|
|
In this example, a 404 to any URL ending with ``.php`` or ``.cgi`` will *not* be
|
|
|
|
|
reported. Neither will any URL starting with ``/phpmyadmin/``.
|
|
|
|
|
|
2011-05-05 20:49:26 +00:00
|
|
|
|
The following example shows how to exclude some conventional URLs that browsers and
|
|
|
|
|
crawlers often request::
|
|
|
|
|
|
|
|
|
|
import re
|
2015-01-21 16:55:57 +00:00
|
|
|
|
IGNORABLE_404_URLS = [
|
2011-05-05 20:49:26 +00:00
|
|
|
|
re.compile(r'^/apple-touch-icon.*\.png$'),
|
2011-11-28 19:41:58 +00:00
|
|
|
|
re.compile(r'^/favicon\.ico$'),
|
|
|
|
|
re.compile(r'^/robots\.txt$'),
|
2015-01-21 16:55:57 +00:00
|
|
|
|
]
|
2011-05-05 20:49:26 +00:00
|
|
|
|
|
2011-05-24 18:39:28 +00:00
|
|
|
|
(Note that these are regular expressions, so we put a backslash in front of
|
|
|
|
|
periods to escape them.)
|
2011-05-05 20:49:26 +00:00
|
|
|
|
|
2013-05-24 15:55:50 +00:00
|
|
|
|
If you'd like to customize the behavior of
|
|
|
|
|
:class:`django.middleware.common.BrokenLinkEmailsMiddleware` further (for
|
|
|
|
|
example to ignore requests coming from web crawlers), you should subclass it
|
|
|
|
|
and override its methods.
|
|
|
|
|
|
2010-11-16 14:00:38 +00:00
|
|
|
|
.. seealso::
|
|
|
|
|
|
2014-10-30 05:46:16 +00:00
|
|
|
|
404 errors are logged using the logging framework. By default, these log
|
|
|
|
|
records are ignored, but you can use them for error reporting by writing a
|
|
|
|
|
handler and :doc:`configuring logging </topics/logging>` appropriately.
|
2010-11-16 14:00:38 +00:00
|
|
|
|
|
2011-06-08 22:18:46 +00:00
|
|
|
|
.. _filtering-error-reports:
|
|
|
|
|
|
|
|
|
|
Filtering error reports
|
2016-01-03 10:56:22 +00:00
|
|
|
|
=======================
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
2015-07-13 22:11:24 +00:00
|
|
|
|
.. warning::
|
|
|
|
|
|
|
|
|
|
Filtering sensitive data is a hard problem, and it's nearly impossible to
|
2017-01-30 20:38:19 +00:00
|
|
|
|
guarantee that sensitive data won't leak into an error report. Therefore,
|
|
|
|
|
error reports should only be available to trusted team members and you
|
2021-07-28 10:56:56 +00:00
|
|
|
|
should avoid transmitting error reports unencrypted over the internet
|
2017-01-30 20:38:19 +00:00
|
|
|
|
(such as through email).
|
2015-07-13 22:11:24 +00:00
|
|
|
|
|
2011-06-08 22:18:46 +00:00
|
|
|
|
Filtering sensitive information
|
2016-01-03 10:56:22 +00:00
|
|
|
|
-------------------------------
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
2013-09-15 18:14:26 +00:00
|
|
|
|
.. currentmodule:: django.views.decorators.debug
|
|
|
|
|
|
2011-06-08 22:18:46 +00:00
|
|
|
|
Error reports are really helpful for debugging errors, so it is generally
|
|
|
|
|
useful to record as much relevant information about those errors as possible.
|
|
|
|
|
For example, by default Django records the `full traceback`_ for the
|
2013-08-05 16:23:26 +00:00
|
|
|
|
exception raised, each `traceback frame`_’s local variables, and the
|
|
|
|
|
:class:`~django.http.HttpRequest`’s :ref:`attributes<httprequest-attributes>`.
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
|
|
|
|
However, sometimes certain types of information may be too sensitive and thus
|
|
|
|
|
may not be appropriate to be kept track of, for example a user's password or
|
2016-03-31 17:41:06 +00:00
|
|
|
|
credit card number. So in addition to filtering out settings that appear to be
|
|
|
|
|
sensitive as described in the :setting:`DEBUG` documentation, Django offers a
|
|
|
|
|
set of function decorators to help you control which information should be
|
|
|
|
|
filtered out of error reports in a production environment (that is, where
|
|
|
|
|
:setting:`DEBUG` is set to ``False``): :func:`sensitive_variables` and
|
|
|
|
|
:func:`sensitive_post_parameters`.
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
2015-08-08 10:02:32 +00:00
|
|
|
|
.. _`full traceback`: https://en.wikipedia.org/wiki/Stack_trace
|
|
|
|
|
.. _`traceback frame`: https://en.wikipedia.org/wiki/Stack_frame
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
|
|
|
|
.. function:: sensitive_variables(*variables)
|
|
|
|
|
|
|
|
|
|
If a function (either a view or any regular callback) in your code uses
|
|
|
|
|
local variables susceptible to contain sensitive information, you may
|
|
|
|
|
prevent the values of those variables from being included in error reports
|
2011-10-14 00:12:01 +00:00
|
|
|
|
using the ``sensitive_variables`` decorator::
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
2011-10-14 00:12:01 +00:00
|
|
|
|
from django.views.decorators.debug import sensitive_variables
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
2011-10-14 00:12:01 +00:00
|
|
|
|
@sensitive_variables('user', 'pw', 'cc')
|
|
|
|
|
def process_info(user):
|
|
|
|
|
pw = user.pass_word
|
|
|
|
|
cc = user.credit_card_number
|
|
|
|
|
name = user.name
|
|
|
|
|
...
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
|
|
|
|
In the above example, the values for the ``user``, ``pw`` and ``cc``
|
2020-03-31 08:37:38 +00:00
|
|
|
|
variables will be hidden and replaced with stars (``**********``)
|
|
|
|
|
in the error reports, whereas the value of the ``name`` variable will be
|
2011-06-08 22:18:46 +00:00
|
|
|
|
disclosed.
|
|
|
|
|
|
|
|
|
|
To systematically hide all local variables of a function from error logs,
|
2011-10-14 00:12:01 +00:00
|
|
|
|
do not provide any argument to the ``sensitive_variables`` decorator::
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
2011-10-14 00:12:01 +00:00
|
|
|
|
@sensitive_variables()
|
|
|
|
|
def my_function():
|
|
|
|
|
...
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
2014-02-22 17:30:28 +00:00
|
|
|
|
.. admonition:: When using multiple decorators
|
2012-12-31 17:34:08 +00:00
|
|
|
|
|
|
|
|
|
If the variable you want to hide is also a function argument (e.g.
|
2013-08-05 16:23:26 +00:00
|
|
|
|
'``user``’ in the following example), and if the decorated function has
|
2014-02-22 17:30:28 +00:00
|
|
|
|
multiple decorators, then make sure to place ``@sensitive_variables``
|
|
|
|
|
at the top of the decorator chain. This way it will also hide the
|
|
|
|
|
function argument as it gets passed through the other decorators::
|
2012-12-31 17:34:08 +00:00
|
|
|
|
|
|
|
|
|
@sensitive_variables('user', 'pw', 'cc')
|
|
|
|
|
@some_decorator
|
|
|
|
|
@another_decorator
|
|
|
|
|
def process_info(user):
|
|
|
|
|
...
|
|
|
|
|
|
2011-06-08 22:18:46 +00:00
|
|
|
|
.. function:: sensitive_post_parameters(*parameters)
|
|
|
|
|
|
2012-12-25 14:56:22 +00:00
|
|
|
|
If one of your views receives an :class:`~django.http.HttpRequest` object
|
|
|
|
|
with :attr:`POST parameters<django.http.HttpRequest.POST>` susceptible to
|
|
|
|
|
contain sensitive information, you may prevent the values of those
|
|
|
|
|
parameters from being included in the error reports using the
|
|
|
|
|
``sensitive_post_parameters`` decorator::
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
2011-10-14 00:12:01 +00:00
|
|
|
|
from django.views.decorators.debug import sensitive_post_parameters
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
2011-10-14 00:12:01 +00:00
|
|
|
|
@sensitive_post_parameters('pass_word', 'credit_card_number')
|
|
|
|
|
def record_user_profile(request):
|
2016-06-02 19:56:13 +00:00
|
|
|
|
UserProfile.create(
|
|
|
|
|
user=request.user,
|
|
|
|
|
password=request.POST['pass_word'],
|
|
|
|
|
credit_card=request.POST['credit_card_number'],
|
|
|
|
|
name=request.POST['name'],
|
|
|
|
|
)
|
2011-10-14 00:12:01 +00:00
|
|
|
|
...
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
|
|
|
|
In the above example, the values for the ``pass_word`` and
|
|
|
|
|
``credit_card_number`` POST parameters will be hidden and replaced with
|
2020-03-31 08:37:38 +00:00
|
|
|
|
stars (``**********``) in the request's representation inside the
|
|
|
|
|
error reports, whereas the value of the ``name`` parameter will be
|
|
|
|
|
disclosed.
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
|
|
|
|
To systematically hide all POST parameters of a request in error reports,
|
2011-10-14 00:12:01 +00:00
|
|
|
|
do not provide any argument to the ``sensitive_post_parameters`` decorator::
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
2011-10-14 00:12:01 +00:00
|
|
|
|
@sensitive_post_parameters()
|
|
|
|
|
def my_view(request):
|
|
|
|
|
...
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
2012-12-26 20:47:29 +00:00
|
|
|
|
All POST parameters are systematically filtered out of error reports for
|
|
|
|
|
certain :mod:`django.contrib.auth.views` views (``login``,
|
|
|
|
|
``password_reset_confirm``, ``password_change``, and ``add_view`` and
|
|
|
|
|
``user_change_password`` in the ``auth`` admin) to prevent the leaking of
|
|
|
|
|
sensitive information such as user passwords.
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
|
|
|
|
.. _custom-error-reports:
|
|
|
|
|
|
|
|
|
|
Custom error reports
|
2016-01-03 10:56:22 +00:00
|
|
|
|
--------------------
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
|
|
|
|
All :func:`sensitive_variables` and :func:`sensitive_post_parameters` do is,
|
|
|
|
|
respectively, annotate the decorated function with the names of sensitive
|
|
|
|
|
variables and annotate the ``HttpRequest`` object with the names of sensitive
|
|
|
|
|
POST parameters, so that this sensitive information can later be filtered out
|
|
|
|
|
of reports when an error occurs. The actual filtering is done by Django's
|
|
|
|
|
default error reporter filter:
|
|
|
|
|
:class:`django.views.debug.SafeExceptionReporterFilter`. This filter uses the
|
|
|
|
|
decorators' annotations to replace the corresponding values with stars
|
2020-03-31 08:37:38 +00:00
|
|
|
|
(``**********``) when the error reports are produced. If you wish to
|
|
|
|
|
override or customize this default behavior for your entire site, you need to
|
|
|
|
|
define your own filter class and tell Django to use it via the
|
2011-10-14 00:12:01 +00:00
|
|
|
|
:setting:`DEFAULT_EXCEPTION_REPORTER_FILTER` setting::
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
2011-10-14 00:12:01 +00:00
|
|
|
|
DEFAULT_EXCEPTION_REPORTER_FILTER = 'path.to.your.CustomExceptionReporterFilter'
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
|
|
|
|
You may also control in a more granular way which filter to use within any
|
2013-08-05 16:23:26 +00:00
|
|
|
|
given view by setting the ``HttpRequest``’s ``exception_reporter_filter``
|
2011-10-14 00:12:01 +00:00
|
|
|
|
attribute::
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
2011-10-14 00:12:01 +00:00
|
|
|
|
def my_view(request):
|
2016-04-02 11:18:26 +00:00
|
|
|
|
if request.user.is_authenticated:
|
2011-10-14 00:12:01 +00:00
|
|
|
|
request.exception_reporter_filter = CustomExceptionReporterFilter()
|
|
|
|
|
...
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
2013-09-15 18:14:26 +00:00
|
|
|
|
.. currentmodule:: django.views.debug
|
|
|
|
|
|
2011-06-08 22:18:46 +00:00
|
|
|
|
Your custom filter class needs to inherit from
|
|
|
|
|
:class:`django.views.debug.SafeExceptionReporterFilter` and may override the
|
2020-01-09 09:00:07 +00:00
|
|
|
|
following attributes and methods:
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
2013-09-15 18:14:26 +00:00
|
|
|
|
.. class:: SafeExceptionReporterFilter
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
2020-01-09 09:00:07 +00:00
|
|
|
|
.. attribute:: cleansed_substitute
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
2020-01-09 09:00:07 +00:00
|
|
|
|
The string value to replace sensitive value with. By default it
|
2020-03-31 08:37:38 +00:00
|
|
|
|
replaces the values of sensitive variables with stars
|
|
|
|
|
(``**********``).
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
2020-01-09 09:00:07 +00:00
|
|
|
|
.. attribute:: hidden_settings
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
2020-01-09 10:37:19 +00:00
|
|
|
|
A compiled regular expression object used to match settings and
|
|
|
|
|
``request.META`` values considered as sensitive. By default equivalent
|
|
|
|
|
to::
|
2020-01-09 09:00:07 +00:00
|
|
|
|
|
|
|
|
|
import re
|
|
|
|
|
|
|
|
|
|
re.compile(r'API|TOKEN|KEY|SECRET|PASS|SIGNATURE', flags=re.IGNORECASE)
|
|
|
|
|
|
|
|
|
|
.. method:: is_active(request)
|
|
|
|
|
|
|
|
|
|
Returns ``True`` to activate the filtering in
|
|
|
|
|
:meth:`get_post_parameters` and :meth:`get_traceback_frame_variables`.
|
|
|
|
|
By default the filter is active if :setting:`DEBUG` is ``False``. Note
|
2020-01-09 10:37:19 +00:00
|
|
|
|
that sensitive ``request.META`` values are always filtered along with
|
|
|
|
|
sensitive setting values, as described in the :setting:`DEBUG`
|
|
|
|
|
documentation.
|
2020-01-09 09:00:07 +00:00
|
|
|
|
|
|
|
|
|
.. method:: get_post_parameters(request)
|
|
|
|
|
|
|
|
|
|
Returns the filtered dictionary of POST parameters. Sensitive values
|
|
|
|
|
are replaced with :attr:`cleansed_substitute`.
|
|
|
|
|
|
|
|
|
|
.. method:: get_traceback_frame_variables(request, tb_frame)
|
|
|
|
|
|
|
|
|
|
Returns the filtered dictionary of local variables for the given
|
|
|
|
|
traceback frame. Sensitive values are replaced with
|
|
|
|
|
:attr:`cleansed_substitute`.
|
2011-06-08 22:18:46 +00:00
|
|
|
|
|
2019-09-07 17:08:12 +00:00
|
|
|
|
If you need to customize error reports beyond filtering you may specify a
|
|
|
|
|
custom error reporter class by defining the
|
|
|
|
|
:setting:`DEFAULT_EXCEPTION_REPORTER` setting::
|
|
|
|
|
|
|
|
|
|
DEFAULT_EXCEPTION_REPORTER = 'path.to.your.CustomExceptionReporter'
|
|
|
|
|
|
|
|
|
|
The exception reporter is responsible for compiling the exception report data,
|
|
|
|
|
and formatting it as text or HTML appropriately. (The exception reporter uses
|
|
|
|
|
:setting:`DEFAULT_EXCEPTION_REPORTER_FILTER` when preparing the exception
|
|
|
|
|
report data.)
|
|
|
|
|
|
|
|
|
|
Your custom reporter class needs to inherit from
|
|
|
|
|
:class:`django.views.debug.ExceptionReporter`.
|
|
|
|
|
|
|
|
|
|
.. class:: ExceptionReporter
|
|
|
|
|
|
2020-10-15 09:44:02 +00:00
|
|
|
|
.. attribute:: html_template_path
|
|
|
|
|
|
2021-03-30 20:57:33 +00:00
|
|
|
|
Property that returns a :class:`pathlib.Path` representing the absolute
|
|
|
|
|
filesystem path to a template for rendering the HTML representation of
|
|
|
|
|
the exception. Defaults to the Django provided template.
|
2020-10-15 09:44:02 +00:00
|
|
|
|
|
|
|
|
|
.. attribute:: text_template_path
|
|
|
|
|
|
2021-03-30 20:57:33 +00:00
|
|
|
|
Property that returns a :class:`pathlib.Path` representing the absolute
|
|
|
|
|
filesystem path to a template for rendering the plain-text
|
|
|
|
|
representation of the exception. Defaults to the Django provided
|
|
|
|
|
template.
|
2020-10-15 09:44:02 +00:00
|
|
|
|
|
2019-09-07 17:08:12 +00:00
|
|
|
|
.. method:: get_traceback_data()
|
|
|
|
|
|
|
|
|
|
Return a dictionary containing traceback information.
|
|
|
|
|
|
|
|
|
|
This is the main extension point for customizing exception reports, for
|
|
|
|
|
example::
|
|
|
|
|
|
|
|
|
|
from django.views.debug import ExceptionReporter
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class CustomExceptionReporter(ExceptionReporter):
|
|
|
|
|
def get_traceback_data(self):
|
|
|
|
|
data = super().get_traceback_data()
|
|
|
|
|
# ... remove/add something here ...
|
|
|
|
|
return data
|
|
|
|
|
|
|
|
|
|
.. method:: get_traceback_html()
|
|
|
|
|
|
|
|
|
|
Return HTML version of exception report.
|
|
|
|
|
|
|
|
|
|
Used for HTML version of debug 500 HTTP error page.
|
|
|
|
|
|
|
|
|
|
.. method:: get_traceback_text()
|
|
|
|
|
|
|
|
|
|
Return plain text version of exception report.
|
|
|
|
|
|
|
|
|
|
Used for plain text version of debug 500 HTTP error page and email
|
|
|
|
|
reports.
|
|
|
|
|
|
|
|
|
|
As with the filter class, you may control which exception reporter class to use
|
|
|
|
|
within any given view by setting the ``HttpRequest``’s
|
|
|
|
|
``exception_reporter_class`` attribute::
|
|
|
|
|
|
|
|
|
|
def my_view(request):
|
|
|
|
|
if request.user.is_authenticated:
|
|
|
|
|
request.exception_reporter_class = CustomExceptionReporter()
|
|
|
|
|
...
|
|
|
|
|
|
2011-06-08 22:18:46 +00:00
|
|
|
|
.. seealso::
|
|
|
|
|
|
|
|
|
|
You can also set up custom error reporting by writing a custom piece of
|
|
|
|
|
:ref:`exception middleware <exception-middleware>`. If you do write custom
|
|
|
|
|
error handling, it's a good idea to emulate Django's built-in error handling
|
|
|
|
|
and only report/log errors if :setting:`DEBUG` is ``False``.
|