GDPR and parent domain cookies


vakor...@gmail.com

Aug 27, 2018, 9:41:32 AM
to Django developers (Contributions to Django itself)
Email error reports sent from Django (when DEBUG=False) include information about parent domain cookies, which may contain personal data. This may create issues related to the GDPR (the European General Data Protection Regulation), as one can't control the cookies from services hosted on parent domain(s), while it is necessary to provide full information about personal data handling to the user with the possibility to delete the data on request.

In short, to be GDPR-compliant, we should be able to exclude potentially risky data from the error reports.

I created a ticket in the Django bugtracker about introducing an option to hide cookies in error reports. It was pointed out to me that it's possible to implement a custom "SafeExceptionReporterFilter", but I still think that the situation with the cookies should be clarified somehow explicitly in the "HowTo" section dedicated to error reporting.

There is already a topic related to GDPR: https://groups.google.com/forum/#!topic/django-developers/Xhg-0JeDN50/discussion, but so far there hasn't been any discussion going on there.

Michael Manfre

Aug 27, 2018, 11:07:34 AM
to django-d...@googlegroups.com
It's possible to entirely control the emails that are sent out by defining your own AdminEmailHandler and overriding the LOGGING configuration to use it. I described how on the ticket. The process is a bit cumbersome if all you want to do is replace the usage of ExceptionReporter and I think we should improve that. I'm +1 on reopening the ticket to make it easier to swap in a custom ExceptionReporter for AdminEmailHandler.

Regards,
Michael Manfre


Carlton Gibson

Aug 27, 2018, 3:07:46 PM
to Django developers (Contributions to Django itself)
Hi Vasili and Michael.

I misread `SafeExceptionReporterFilter` as implementing the key `ExceptionReporter` method. 

I totally agree with the assessment. Have reopened and Accepted on that basis. 

Good work! Thank you! 

Carlton
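
The `Cookie` request header carries only name=value pairs and no domain, so code that builds an error report cannot tell parent-domain cookies apart by origin; an allowlist of the application's own cookie names is one way to exclude them. The sketch below is an added example, not part of the thread and not Django code: a standard-library-only scrubber for a parsed cookie dict (such as `request.COOKIES`) and a META-style dict containing `HTTP_COOKIE`. The function names, the allowlist and the sample values are assumptions.

```python
# Added example: scrub cookies before request data goes into an error report.
# Assumption: the application knows the names of the cookies it sets itself.
OWN_COOKIES = frozenset({"sessionid", "csrftoken"})


def scrub_cookie_header(header, allowed=OWN_COOKIES):
    """Return (header with only allowlisted cookies, number of cookies dropped)."""
    kept, dropped = [], 0
    for chunk in header.split(";"):
        chunk = chunk.strip()
        if not chunk:
            continue  # tolerate empty segments such as a trailing ";"
        name, sep, value = chunk.partition("=")
        if sep and name.strip() in allowed:
            kept.append(f"{name.strip()}={value.strip()}")
        else:
            dropped += 1  # unknown or malformed: fail closed, never copy it
    return "; ".join(kept), dropped


def scrub_request_data(cookies, meta, allowed=OWN_COOKIES):
    """Return report-safe copies of a parsed cookie dict and a META-style dict."""
    safe_cookies = {k: v for k, v in cookies.items() if k in allowed}
    safe_meta = dict(meta)  # copy, so the live request is left untouched
    if "HTTP_COOKIE" in safe_meta:
        header, dropped = scrub_cookie_header(safe_meta["HTTP_COOKIE"], allowed)
        if dropped:
            header += f" [{dropped} cookie(s) removed]"
        safe_meta["HTTP_COOKIE"] = header
    return safe_cookies, safe_meta


# Constructed sample: two application cookies plus two set by a parent domain.
SAMPLE_HEADER = "sessionid=abc123; parent_uid=42; csrftoken=tok; marketing_id=xyz"
SAMPLE_COOKIES = {"sessionid": "abc123", "parent_uid": "42",
                  "csrftoken": "tok", "marketing_id": "xyz"}

if __name__ == "__main__":
    cookies, meta = scrub_request_data(
        SAMPLE_COOKIES, {"HTTP_COOKIE": SAMPLE_HEADER, "HTTP_HOST": "app.example.com"})
    print(cookies)
    print(meta["HTTP_COOKIE"])
```

Both the parsed dict and the raw header need scrubbing, since a report that prints request metadata would otherwise still carry the unfiltered `HTTP_COOKIE` string.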