#24545: sensitive_post_parameters disclosure in csrf_exempt wrapper -------------------------------+--------------------------------------- Reporter: H0neyBadger | Owner: nobody Type: Bug | Status: new Component: Uncategorized | Version: 1.7 Severity: Normal | Keywords: sensitive_post_parameters Triage Stage: Unreviewed | Has patch: 0 Easy pickings: 0 | UI/UX: 0 -------------------------------+--------------------------------------- Hello, I currently developing on 'Django Rest framework' and I try to hide some parameters in django error report. Unfortunately, the csrf_exempt method in the Traceback reveals sensitive post data to the admin
I think adding request in the wrapper should do the trick {{{ def wrapped_view(request, *args, **kwargs): return view_func(request, *args, **kwargs) }}} Exception filter: SafeExceptionReporterFilter Decorator : @sensitive_post_parameters Debug = False Django 1.7.7 Python 3.4.2 -- Ticket URL: <https://code.djangoproject.com/ticket/24545> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To post to this group, send email to django-updates@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/054.5626b94671a8707a9c1c251cdc34e718%40djangoproject.com. For more options, visit https://groups.google.com/d/optout.