Sanitize RequestPanel data behind a setting
#2074
Assignees
Labels
Comments
dr-rompecabezas
added a commit
to dr-rompecabezas/django-debug-toolbar
that referenced
this issue
Mar 12, 2025
- Added `SANITIZE_REQUEST_DATA` setting to control sanitization of request data. - Implemented `sanitize_value` function to sanitize sensitive data based on key patterns. - Updated `get_sorted_request_variable` to support sanitization. - Added tests for sanitization of GET, POST, cookies, and session data. - Updated documentation to include new settings. django-commons#2074
This was referenced Mar 12, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We should sanitize the
RequestPanelstats behind a setting. This would prevent us from storing passwords from monitored/login/requests and other sensitive data. While this isn't a major concern while the toolbar runs in memory, when we start storing data this becomes a big concern.This is somewhat related to #2048 (comment). See https://github.com/django/django/blob/main/django/views/debug.py#L115-L130 for an example on how to do this.
The text was updated successfully, but these errors were encountered: