Commit 31e26d23 authored by Sébastiaan Versteeg's avatar Sébastiaan Versteeg
Browse files

Merge branch 'filter_authorization_header' into 'master'

Implement exception filter

Closes #534

See merge request !622
parents 99db59f1 bfdb0b5a
......@@ -284,3 +284,7 @@ TINYMCE_DEFAULT_CONFIG = {
'relative_urls': False,
'remove_script_host': False,
}
DEFAULT_EXCEPTION_REPORTER_FILTER = (
'utils.exception_filter.ThaliaSafeExceptionReporterFilter')
import logging
from django.views.debug import (SafeExceptionReporterFilter,
CLEANSED_SUBSTITUTE)
logger = logging.getLogger(__name__)
class ThaliaSafeExceptionReporterFilter(SafeExceptionReporterFilter):
"""Filter additional variables from tracebacks"""
def get_traceback_frame_variables(self, request, tb_frame):
"""Filter traceback frame variables"""
local_vars = super().get_traceback_frame_variables(request, tb_frame)
if self.is_active(request):
for name, val in local_vars:
if name == 'request':
try:
val.COOKIES = {'cookies have been cleaned': True}
val.META['HTTP_COOKIE'] = CLEANSED_SUBSTITUTE
val.META['HTTP_AUTHORIZATION'] = CLEANSED_SUBSTITUTE
except (AttributeError, IndexError):
logger.exception("Somehow cleaning the request failed")
return local_vars
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment