Re: [Django] #31604: Should SafeExceptionReporterFilter cleanse setting keys whose name matches "URL" in part, too?
Django
"URL" in part, too?
-----------------------------------+--------------------------------------
Reporter: Sebastian Pipping | Owner: (none)
Type: Uncategorized | Status: closed
Component: Error reporting | Version: master
Severity: Normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-----------------------------------+--------------------------------------
Changes (by Carlton Gibson):
* status: new => closed
* resolution: => wontfix
Comment:
Hi. Thanks for the report.
I think the idea is precisely that after #23004 you customise this for
your own project. The underlying issue is that there are any number of
possible customisations that would be appropriate for some given project,
and it's simply not feasible to keep adding them all.
In this particular case, the additional benefit to parsing sensitive URLs
(vs simply filtering them entirely in a subclass) doesn't seem worth the
complexity. (Given that URLs end up in log files, which is out-of-scope
for Django, we see complaints if sensitive values get used in URLs at all,
so I'm half-inclined towards thinking the issue here lies elsewhere.)
I hope that makes sense.
--
Ticket URL: <https://code.djangoproject.com/ticket/31604#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.