Unverified Commit bfdb0b5a authored by Thom Wiggers's avatar Thom Wiggers 📐

Implement exception filter

Hides HTTP Cookies and Authorization header
parent 99db59f1
......@@ -284,3 +284,7 @@ TINYMCE_DEFAULT_CONFIG = {
'relative_urls': False,
'remove_script_host': False,
}
DEFAULT_EXCEPTION_REPORTER_FILTER = (
'utils.exception_filter.ThaliaSafeExceptionReporterFilter')
import logging
from django.views.debug import (SafeExceptionReporterFilter,
CLEANSED_SUBSTITUTE)
logger = logging.getLogger(__name__)
class ThaliaSafeExceptionReporterFilter(SafeExceptionReporterFilter):
"""Filter additional variables from tracebacks"""
def get_traceback_frame_variables(self, request, tb_frame):
"""Filter traceback frame variables"""
local_vars = super().get_traceback_frame_variables(request, tb_frame)
if self.is_active(request):
for name, val in local_vars:
if name == 'request':
try:
val.COOKIES = {'cookies have been cleaned': True}
val.META['HTTP_COOKIE'] = CLEANSED_SUBSTITUTE
val.META['HTTP_AUTHORIZATION'] = CLEANSED_SUBSTITUTE
except (AttributeError, IndexError):
logger.exception("Somehow cleaning the request failed")
return local_vars
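Review bot: The cleaning loop in `get_traceback_frame_variables` assigns to `val.COOKIES` and `val.META` on the object taken from the frame, so it appears to rewrite the live request rather than a copy made for the report. Anything that reads the request's cookies or Authorization header after the report is built would then see the substitute values. The loop also acts only on a local named exactly `request`, so a request held under another name (for example `self.request` in a class-based view) would presumably still be reported uncleansed; the class docstring should state that limit, e.g. `"""Cleanse cookies and the Authorization header on frame locals named 'request' (mutates the request in place)."""`. The `except (AttributeError, IndexError)` clause does not cover a `TypeError` from a `request` local whose `META` rejects item assignment, which would raise inside the error reporter itself; `except (AttributeError, TypeError, IndexError):` would cover it.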