Skip to content

prevent contact data from being included in debug logs

Bengfort requested to merge prevent-contact-data-in-debug into main

steps to reproduce:

  • set DEBUG = False
  • set ADMINS to a non-empty value
  • raise an exception in some POST handler
  • make a POST request to that view

The default logging configuration will generate a debug mail to the addresses defined in ADMINS. This message contains all environment variables, settings, GET and POST parameters, and a stack trace.

With this change, all POST parameters for contact-related views will be replaced by '*********'.

Note that the SCHEDULER_TOKEN is automatically replaced by the default rules.

Edited by Bengfort

Merge request reports