mirror of
https://github.com/django/django.git
synced 2024-12-23 17:46:27 +00:00
3f1c7b7053
Squashed commit of: commit 508ec9144b35c50794708225b496bde1eb5e60aa Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Tue Jan 29 22:50:55 2013 +0100 Tweaked default settings file. * Explained why BASE_DIR exists. * Added a link to the database configuration options, and put it in its own section. * Moved sensitive settings that must be changed for production at the top. commit 6515fd2f1aa73a86dc8dbd2ccf512ddb6b140d57 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Tue Jan 29 14:35:21 2013 +0100 Documented the simplified app & project templates in the changelog. commit 2c5b576c2ea91d84273a019b3d0b3b8b4da72f23 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Tue Jan 29 13:59:27 2013 +0100 Minor fixes in tutorials 5 and 6. commit 55a51531be8104f21b3cca3f6bf70b0a7139a041 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Tue Jan 29 13:51:11 2013 +0100 Updated tutorial 2 for the new project template. commit 29ddae87bdaecff12dd31b16b000c01efbde9e20 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Tue Jan 29 11:58:54 2013 +0100 Updated tutorial 1 for the new project template. commit 0ecb9f6e2514cfd26a678a280d471433375101a3 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Tue Jan 29 11:29:13 2013 +0100 Adjusted the default URLconf detection to account for the admin. It's now enabled by default. commit 5fb4da0d3d09dac28dd94e3fde92b9d4335c0565 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Tue Jan 29 10:36:55 2013 +0100 Added security warnings for the most sensitive settings. commit 718d84bd8ac4a42fb4b28ec93965de32680f091e Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Mon Jan 28 23:24:06 2013 +0100 Used an absolute path for the SQLite database. This ensures the settings file works regardless of which directory django-admin.py / manage.py is invoked from. BASE_DIR got a +1 from a BDFL and another core dev. It doesn't involve the concept of a "Django project"; it's just a convenient way to express relative paths within the source code repository for non-Python files. Thanks Jacob Kaplan-Moss for the suggestion. commit 1b559b4bcda622e10909b68fe5cab90db6727dd9 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Mon Jan 28 23:22:40 2013 +0100 Removed STATIC_ROOT from the default settings template. It isn't necessary in development, and it confuses beginners to no end. Thanks Carl Meyer for the suggestion. commit a55f141a500bb7c9a1bc259bbe1954c13b199671 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Mon Jan 28 23:21:43 2013 +0100 Removed MEDIA_ROOT/URL from default settings template. Many sites will never deal with user-uploaded files, and MEDIA_ROOT is complicated to explain. Thanks Carl Meyer for the suggestion. commit 44bf2f2441420fd9429ee9fe1f7207f92dd87e70 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Mon Jan 28 22:22:09 2013 +0100 Removed logging config. This configuration is applied regardless of the value of LOGGING; duplicating it in LOGGING is confusing. commit eac747e848eaed65fd5f6f254f0a7559d856f88f Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Mon Jan 28 22:05:31 2013 +0100 Enabled the locale middleware by default. USE_I18N is True by default, and doesn't work well without LocaleMiddleware. commit d806c62b2d00826dc2688c84b092627b8d571cab Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Mon Jan 28 22:03:16 2013 +0100 Enabled clickjacking protection by default. commit 99152c30e6a15003f0b6737dc78e87adf462aacb Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Mon Jan 28 22:01:48 2013 +0100 Reorganized settings in logical sections, and trimmed comments. commit d37ffdfcb24b7e0ec7cc113d07190f65fb12fb8a Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Mon Jan 28 16:54:11 2013 +0100 Avoided misleading TEMPLATE_DEBUG = DEBUG. According to the docs TEMPLATE_DEBUG works only when DEBUG = True. commit 15d9478d3a9850e85841e7cf09cf83050371c6bf Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Mon Jan 28 16:46:25 2013 +0100 Removed STATICFILES_FINDERS/TEMPLATE_LOADERS from default settings file. Only developers with special needs ever need to change these settings. commit 574da0eb5bfb4570883756914b4dbd7e20e1f61e Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Mon Jan 28 16:45:01 2013 +0100 Removed STATICFILES/TEMPLATES_DIRS from default settings file. The current best practice is to put static files and templates in applications, for easier testing and deployment. commit 8cb18dbe56629aa1be74718a07e7cc66b4f9c9f0 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Mon Jan 28 16:24:16 2013 +0100 Removed settings related to email reporting from default settings file. While handy for small scale projects, it isn't exactly a best practice. commit 8ecbfcb3638058f0c49922540f874a7d802d864f Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Tue Jan 29 18:54:43 2013 +0100 Documented how to enable the sites framework. commit 23fc91a6fa67d91ddd9d71b1c3e0dc26bdad9841 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Mon Jan 28 16:28:59 2013 +0100 Disabled the sites framework by default. RequestSite does the job for single-domain websites. commit c4d82eb8afc0eb8568bf9c4d12644272415e3960 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Tue Jan 29 00:08:33 2013 +0100 Added a default admin.py to the application template. Thanks Ryan D Hiebert for the suggestion. commit 4071dc771e5c44b1c5ebb9beecefb164ae465e22 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Mon Jan 28 10:59:49 2013 +0100 Enabled the admin by default. Everyone uses the admin. commit c807a31f8d89e7e7fd97380e3023f7983a8b6fcb Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Mon Jan 28 10:57:05 2013 +0100 Removed admindocs from default project template. commit 09e4ce0e652a97da1a9e285046a91c8ad7a9189c Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Mon Jan 28 16:32:52 2013 +0100 Added links to the settings documentation. commit 5b8f5eaef364eb790fcde6f9e86f7d266074cca8 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Mon Jan 28 11:06:54 2013 +0100 Used a significant example for URLconf includes. commit 908e91d6fcee2a3cb51ca26ecdf12a6a24e69ef8 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Mon Jan 28 16:22:31 2013 +0100 Moved code comments about WSGI to docs, and rewrote said docs. commit 50417e51996146f891d08ca8b74dcc736a581932 Author: Aymeric Augustin <aymeric.augustin@m4x.org> Date: Mon Jan 28 15:51:50 2013 +0100 Normalized the default application template. Removed the default test that 1 + 1 = 2, because it's been committed way too many times, in too many projects. Added an import of `render` for views, because the first view will often be: def home(request): return render(request, "mysite/home.html")
273 lines
11 KiB
Plaintext
273 lines
11 KiB
Plaintext
Error reporting
|
|
===============
|
|
|
|
When you're running a public site you should always turn off the
|
|
:setting:`DEBUG` setting. That will make your server run much faster, and will
|
|
also prevent malicious users from seeing details of your application that can be
|
|
revealed by the error pages.
|
|
|
|
However, running with :setting:`DEBUG` set to ``False`` means you'll never see
|
|
errors generated by your site -- everyone will just see your public error pages.
|
|
You need to keep track of errors that occur in deployed sites, so Django can be
|
|
configured to create reports with details about those errors.
|
|
|
|
Email reports
|
|
-------------
|
|
|
|
Server errors
|
|
~~~~~~~~~~~~~
|
|
|
|
When :setting:`DEBUG` is ``False``, Django will email the users listed in the
|
|
:setting:`ADMINS` setting whenever your code raises an unhandled exception and
|
|
results in an internal server error (HTTP status code 500). This gives the
|
|
administrators immediate notification of any errors. The :setting:`ADMINS` will
|
|
get a description of the error, a complete Python traceback, and details about
|
|
the HTTP request that caused the error.
|
|
|
|
.. note::
|
|
|
|
In order to send email, Django requires a few settings telling it
|
|
how to connect to your mail server. At the very least, you'll need
|
|
to specify :setting:`EMAIL_HOST` and possibly
|
|
:setting:`EMAIL_HOST_USER` and :setting:`EMAIL_HOST_PASSWORD`,
|
|
though other settings may be also required depending on your mail
|
|
server's configuration. Consult :doc:`the Django settings
|
|
documentation </ref/settings>` for a full list of email-related
|
|
settings.
|
|
|
|
By default, Django will send email from root@localhost. However, some mail
|
|
providers reject all email from this address. To use a different sender
|
|
address, modify the :setting:`SERVER_EMAIL` setting.
|
|
|
|
To activate this behavior, put the email addresses of the recipients in the
|
|
:setting:`ADMINS` setting.
|
|
|
|
.. seealso::
|
|
|
|
Server error emails are sent using the logging framework, so you can
|
|
customize this behavior by :doc:`customizing your logging configuration
|
|
</topics/logging>`.
|
|
|
|
404 errors
|
|
~~~~~~~~~~
|
|
|
|
Django can also be configured to email errors about broken links (404 "page
|
|
not found" errors). Django sends emails about 404 errors when:
|
|
|
|
* :setting:`DEBUG` is ``False``;
|
|
|
|
* Your :setting:`MIDDLEWARE_CLASSES` setting includes
|
|
:class:`django.middleware.common.BrokenLinkEmailsMiddleware`.
|
|
|
|
If those conditions are met, Django will email the users listed in the
|
|
:setting:`MANAGERS` setting whenever your code raises a 404 and the request has
|
|
a referer. (It doesn't bother to email for 404s that don't have a referer --
|
|
those are usually just people typing in broken URLs or broken Web 'bots).
|
|
|
|
.. note::
|
|
|
|
:class:`~django.middleware.common.BrokenLinkEmailsMiddleware` must appear
|
|
before other middleware that intercepts 404 errors, such as
|
|
:class:`~django.middleware.locale.LocaleMiddleware` or
|
|
:class:`~django.contrib.flatpages.middleware.FlatpageFallbackMiddleware`.
|
|
Put it towards the top of your :setting:`MIDDLEWARE_CLASSES` setting.
|
|
|
|
You can tell Django to stop reporting particular 404s by tweaking the
|
|
:setting:`IGNORABLE_404_URLS` setting. It should be a tuple of compiled
|
|
regular expression objects. For example::
|
|
|
|
import re
|
|
IGNORABLE_404_URLS = (
|
|
re.compile(r'\.(php|cgi)$'),
|
|
re.compile(r'^/phpmyadmin/'),
|
|
)
|
|
|
|
In this example, a 404 to any URL ending with ``.php`` or ``.cgi`` will *not* be
|
|
reported. Neither will any URL starting with ``/phpmyadmin/``.
|
|
|
|
The following example shows how to exclude some conventional URLs that browsers and
|
|
crawlers often request::
|
|
|
|
import re
|
|
IGNORABLE_404_URLS = (
|
|
re.compile(r'^/apple-touch-icon.*\.png$'),
|
|
re.compile(r'^/favicon\.ico$'),
|
|
re.compile(r'^/robots\.txt$'),
|
|
)
|
|
|
|
(Note that these are regular expressions, so we put a backslash in front of
|
|
periods to escape them.)
|
|
|
|
.. seealso::
|
|
|
|
404 errors are logged using the logging framework. By default, these log
|
|
records are ignored, but you can use them for error reporting by writing a
|
|
handler and :doc:`configuring logging </topics/logging>` appropriately.
|
|
|
|
.. _filtering-error-reports:
|
|
|
|
Filtering error reports
|
|
-----------------------
|
|
|
|
Filtering sensitive information
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
Error reports are really helpful for debugging errors, so it is generally
|
|
useful to record as much relevant information about those errors as possible.
|
|
For example, by default Django records the `full traceback`_ for the
|
|
exception raised, each `traceback frame`_'s local variables, and the
|
|
:class:`~django.http.HttpRequest`'s :ref:`attributes<httprequest-attributes>`.
|
|
|
|
However, sometimes certain types of information may be too sensitive and thus
|
|
may not be appropriate to be kept track of, for example a user's password or
|
|
credit card number. So Django offers a set of function decorators to help you
|
|
control which information should be filtered out of error reports in a
|
|
production environment (that is, where :setting:`DEBUG` is set to ``False``):
|
|
:func:`sensitive_variables` and :func:`sensitive_post_parameters`.
|
|
|
|
.. _`full traceback`: http://en.wikipedia.org/wiki/Stack_trace
|
|
.. _`traceback frame`: http://en.wikipedia.org/wiki/Stack_frame
|
|
|
|
.. function:: sensitive_variables(*variables)
|
|
|
|
If a function (either a view or any regular callback) in your code uses
|
|
local variables susceptible to contain sensitive information, you may
|
|
prevent the values of those variables from being included in error reports
|
|
using the ``sensitive_variables`` decorator::
|
|
|
|
from django.views.decorators.debug import sensitive_variables
|
|
|
|
@sensitive_variables('user', 'pw', 'cc')
|
|
def process_info(user):
|
|
pw = user.pass_word
|
|
cc = user.credit_card_number
|
|
name = user.name
|
|
...
|
|
|
|
In the above example, the values for the ``user``, ``pw`` and ``cc``
|
|
variables will be hidden and replaced with stars (`**********`) in the
|
|
error reports, whereas the value of the ``name`` variable will be
|
|
disclosed.
|
|
|
|
To systematically hide all local variables of a function from error logs,
|
|
do not provide any argument to the ``sensitive_variables`` decorator::
|
|
|
|
@sensitive_variables()
|
|
def my_function():
|
|
...
|
|
|
|
.. admonition:: When using mutiple decorators
|
|
|
|
If the variable you want to hide is also a function argument (e.g.
|
|
'``user``' in the following example), and if the decorated function has
|
|
mutiple decorators, then make sure to place ``@sensitive_variables`` at
|
|
the top of the decorator chain. This way it will also hide the function
|
|
argument as it gets passed through the other decorators::
|
|
|
|
@sensitive_variables('user', 'pw', 'cc')
|
|
@some_decorator
|
|
@another_decorator
|
|
def process_info(user):
|
|
...
|
|
|
|
.. function:: sensitive_post_parameters(*parameters)
|
|
|
|
If one of your views receives an :class:`~django.http.HttpRequest` object
|
|
with :attr:`POST parameters<django.http.HttpRequest.POST>` susceptible to
|
|
contain sensitive information, you may prevent the values of those
|
|
parameters from being included in the error reports using the
|
|
``sensitive_post_parameters`` decorator::
|
|
|
|
from django.views.decorators.debug import sensitive_post_parameters
|
|
|
|
@sensitive_post_parameters('pass_word', 'credit_card_number')
|
|
def record_user_profile(request):
|
|
UserProfile.create(user=request.user,
|
|
password=request.POST['pass_word'],
|
|
credit_card=request.POST['credit_card_number'],
|
|
name=request.POST['name'])
|
|
...
|
|
|
|
In the above example, the values for the ``pass_word`` and
|
|
``credit_card_number`` POST parameters will be hidden and replaced with
|
|
stars (`**********`) in the request's representation inside the error
|
|
reports, whereas the value of the ``name`` parameter will be disclosed.
|
|
|
|
To systematically hide all POST parameters of a request in error reports,
|
|
do not provide any argument to the ``sensitive_post_parameters`` decorator::
|
|
|
|
@sensitive_post_parameters()
|
|
def my_view(request):
|
|
...
|
|
|
|
All POST parameters are systematically filtered out of error reports for
|
|
certain :mod:`django.contrib.auth.views` views (``login``,
|
|
``password_reset_confirm``, ``password_change``, and ``add_view`` and
|
|
``user_change_password`` in the ``auth`` admin) to prevent the leaking of
|
|
sensitive information such as user passwords.
|
|
|
|
.. _custom-error-reports:
|
|
|
|
Custom error reports
|
|
~~~~~~~~~~~~~~~~~~~~
|
|
|
|
All :func:`sensitive_variables` and :func:`sensitive_post_parameters` do is,
|
|
respectively, annotate the decorated function with the names of sensitive
|
|
variables and annotate the ``HttpRequest`` object with the names of sensitive
|
|
POST parameters, so that this sensitive information can later be filtered out
|
|
of reports when an error occurs. The actual filtering is done by Django's
|
|
default error reporter filter:
|
|
:class:`django.views.debug.SafeExceptionReporterFilter`. This filter uses the
|
|
decorators' annotations to replace the corresponding values with stars
|
|
(`**********`) when the error reports are produced. If you wish to override or
|
|
customize this default behavior for your entire site, you need to define your
|
|
own filter class and tell Django to use it via the
|
|
:setting:`DEFAULT_EXCEPTION_REPORTER_FILTER` setting::
|
|
|
|
DEFAULT_EXCEPTION_REPORTER_FILTER = 'path.to.your.CustomExceptionReporterFilter'
|
|
|
|
You may also control in a more granular way which filter to use within any
|
|
given view by setting the ``HttpRequest``'s ``exception_reporter_filter``
|
|
attribute::
|
|
|
|
def my_view(request):
|
|
if request.user.is_authenticated():
|
|
request.exception_reporter_filter = CustomExceptionReporterFilter()
|
|
...
|
|
|
|
Your custom filter class needs to inherit from
|
|
:class:`django.views.debug.SafeExceptionReporterFilter` and may override the
|
|
following methods:
|
|
|
|
.. class:: django.views.debug.SafeExceptionReporterFilter
|
|
|
|
.. method:: SafeExceptionReporterFilter.is_active(self, request)
|
|
|
|
Returns ``True`` to activate the filtering operated in the other methods.
|
|
By default the filter is active if :setting:`DEBUG` is ``False``.
|
|
|
|
.. method:: SafeExceptionReporterFilter.get_request_repr(self, request)
|
|
|
|
Returns the representation string of the request object, that is, the
|
|
value that would be returned by ``repr(request)``, except it uses the
|
|
filtered dictionary of POST parameters as determined by
|
|
:meth:`SafeExceptionReporterFilter.get_post_parameters`.
|
|
|
|
.. method:: SafeExceptionReporterFilter.get_post_parameters(self, request)
|
|
|
|
Returns the filtered dictionary of POST parameters. By default it replaces
|
|
the values of sensitive parameters with stars (`**********`).
|
|
|
|
.. method:: SafeExceptionReporterFilter.get_traceback_frame_variables(self, request, tb_frame)
|
|
|
|
Returns the filtered dictionary of local variables for the given traceback
|
|
frame. By default it replaces the values of sensitive variables with stars
|
|
(`**********`).
|
|
|
|
.. seealso::
|
|
|
|
You can also set up custom error reporting by writing a custom piece of
|
|
:ref:`exception middleware <exception-middleware>`. If you do write custom
|
|
error handling, it's a good idea to emulate Django's built-in error handling
|
|
and only report/log errors if :setting:`DEBUG` is ``False``.
|