Common OAuth terms into debug hidden values #211

Closed

@Miserlou

Django already does a pretty nice job of protecting certain hidden values in DEBUG mode. This change adds a few more values to be sanitized based on common terminology of the OAuth protocol.

@andrewgodwin

This feels like too wide a change considering those terms only appear in OAuth1, not OAuth2, so I'm going to close it. If you'd like to discuss it further, please open a ticket.

Commits on Jul 16, 2012
  1. @Miserlou
Showing with 1 addition and 1 deletion.
  1. +1 −1  django/views/debug.py
2  django/views/debug.py
@@ -16,7 +16,7 @@
from django.utils.importlib import import_module
from django.utils.encoding import smart_unicode, smart_str
-HIDDEN_SETTINGS = re.compile('API|TOKEN|KEY|SECRET|PASS|PROFANITIES_LIST|SIGNATURE')
+HIDDEN_SETTINGS = re.compile('API|TOKEN|KEY|SECRET|PASS|PROFANITIES_LIST|SIGNATURE|CONSUMER|ACCESS')
CLEANSED_SUBSTITUTE = '********************'
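Review bot: In the new HIDDEN_SETTINGS line, CONSUMER and ACCESS are bare alternatives with no anchors or word boundaries, so wherever this pattern is applied as a substring search it would also replace the values of unrelated settings whose names merely contain those words with CLEANSED_SUBSTITUTE. Setting names such as CONSUMER_KEY, CONSUMER_SECRET or ACCESS_TOKEN already contain KEY, SECRET or TOKEN, which the existing pattern lists, so please state which concrete setting names the two new terms are meant to catch and narrow the additions to those. The change is also a single-line edit to django/views/debug.py with no accompanying test or documentation update for the wider masking.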