prevent contact data from being included in debug logs (!1975) · Merge requests · castellum / castellum

Bengfort requested to merge prevent-contact-data-in-debug into main Jul 19, 2021

steps to reproduce:

set DEBUG = False
set ADMINS to a non-empty value
raise an exception in some POST handler
make a POST request to that view

The default logging configuration will generate a debug mail to the addresses defined in ADMINS. This message contains all environment variables, settings, GET and POST parameters, and a stack trace.

With this change, all POST parameters for contact-related views will be replaced by '*********'.

Note that the SCHEDULER_TOKEN is automatically replaced by the default rules.

Edited Jul 19, 2021 by Bengfort

prevent contact data from being included in debug logs

Merge request reports