diff --git a/django/views/debug.py b/django/views/debug.py
index c1265bfe6b..38f1338461 100644
--- a/django/views/debug.py
+++ b/django/views/debug.py
@@ -113,7 +113,7 @@ class SafeExceptionReporterFilter:
 cleansed_substitute = "********************"
 hidden_settings = _lazy_re_compile(
- "API|TOKEN|KEY|SECRET|PASS|SIGNATURE|HTTP_COOKIE", flags=re.I
+ "API|AUTH|TOKEN|KEY|SECRET|PASS|SIGNATURE|HTTP_COOKIE", flags=re.I
 )
 def cleanse_setting(self, key, value):
diff --git a/docs/howto/error-reporting.txt b/docs/howto/error-reporting.txt
index 61450dfe7a..17ba14c35c 100644
--- a/docs/howto/error-reporting.txt
+++ b/docs/howto/error-reporting.txt
@@ -282,7 +282,11 @@ following attributes and methods:
 import re
- re.compile(r"API|TOKEN|KEY|SECRET|PASS|SIGNATURE|HTTP_COOKIE", flags=re.IGNORECASE)
+ re.compile(r"API|AUTH|TOKEN|KEY|SECRET|PASS|SIGNATURE|HTTP_COOKIE", flags=re.IGNORECASE)
+
+ .. versionchanged:: 5.2
+
+ The term ``AUTH`` was added.
 .. method:: is_active(request)
diff --git a/docs/releases/5.2.txt b/docs/releases/5.2.txt
index ba9a3dfd4c..b732e98c9f 100644
--- a/docs/releases/5.2.txt
+++ b/docs/releases/5.2.txt
@@ -150,7 +150,8 @@ Email
 Error Reporting
 ~~~~~~~~~~~~~~~
-* ...
+* The attribute :attr:`.SafeExceptionReporterFilter.hidden_settings` now
+ treats values as sensitive if their name includes ``AUTH``.
 File Storage
 ~~~~~~~~~~~~
diff --git a/tests/view_tests/tests/test_debug.py b/tests/view_tests/tests/test_debug.py
index 0cc6348920..4b0a7cf49d 100644
--- a/tests/view_tests/tests/test_debug.py
+++ b/tests/view_tests/tests/test_debug.py
@@ -1557,7 +1557,8 @@ class ExceptionReporterFilterTests(
 "SECRET_KEY_FALLBACKS",
 "PASSWORD",
 "API_KEY",
- "AUTH_TOKEN",
+ "SOME_TOKEN",
+ "MY_AUTH",
 ]
 def test_non_sensitive_request(self):
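Review bot: In django/views/debug.py the new `AUTH` alternative in `hidden_settings` is an unanchored, case-insensitive fragment, so if the pattern is applied as a substring search (the matching code is outside this hunk) it will also mask names that hold no credential, such as `AUTH_USER_MODEL`, `AUTHENTICATION_BACKENDS` or anything containing `AUTHOR`. Over-masking is the safe direction for an error report, but it should be stated in the code so a later reader neither narrows the pattern nor goes looking for a value that was deliberately hidden. I would add a comment above the assignment, e.g. `# Substring match by design: over-masking (AUTHOR, AUTH_USER_MODEL) is preferred to leaking a credential.` The class body continues beyond the hunk.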
@@ -1885,6 +1886,7 @@ class ExceptionReporterFilterTests(
 "PASSWORD": "super secret",
 "SECRET_VALUE": "super secret",
 "SOME_TOKEN": "super secret",
+ "THE_AUTH": "super secret",
 }
 request = self.rf.get("/", headers=headers)
 reporter_filter = SafeExceptionReporterFilter()
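Review bot: The added `THE_AUTH` entry, like `MY_AUTH` in the settings list of the earlier test hunk, only exercises `AUTH` as a separate underscore-delimited word, so nothing pins the standard `Authorization` request header or a name where `AUTH` sits inside a longer word. Adding `"Authorization": "super secret",` to this dict (apparently the one passed as `headers=`) would cover both, assuming the assertions after the hunk check every value in it. The test method starts and ends outside the hunk.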