1👍
✅
sensitive_variables is documented as a decorator rather than an argument to a decorator. And even with the correct syntax, it’s possible but unlikely that “treated in a special way” means that the variables will not be visible in debugging information.
Production servers should never be run with DEBUG=True, and sensitive variables should never appear in any logs generated by a production server. But when debugging, the goal is to have all the information necessary to track down problems, which includes passwords. Let us know if the debug page generator censors sensitive variables. That would be a surprise.
def sensitive_variables(*variables):
"""
Indicates which variables used in the decorated function are sensitive, so
that those variables can later be treated in a special way, for example
by hiding them when logging unhandled exceptions.
Two forms are accepted:
* with specified variable names:
@sensitive_variables('user', 'password', 'credit_card')
def my_function(user):
password = user.pass_word
credit_card = user.credit_card_number
...
* without any specified variable names, in which case it is assumed that
all variables are considered sensitive:
@sensitive_variables()
def my_function()
...
"""
👤Dave
0👍
The problem might be that you have forgotten to call the methods. Try the following:
@method_decorator(sensitive_variables())
def dispatch(self, *args, **kwargs):
return super().dispatch(*args, **kwargs)
@method_decorator(sensitive_post_parameters())
def dispatch(self, *args, **kwargs):
- Extending the page in Django
- Badly Formed hexadecimal uuid string error in Django fixture
- Django: A serious issue or is there a way around?
Source:stackexchange.com