diff options
author | Carlton Gibson <carlton.gibson@noumenal.es> | 2023-03-22 12:32:13 +0100 |
---|---|---|
committer | Carlton Gibson <carlton.gibson@noumenal.es> | 2023-03-22 16:24:56 +0100 |
commit | d118cbb1ed5500c98e96531ec13815764867730f (patch) | |
tree | 979acdc4617f5f7186a4a6f559fd6d0a15f3005f | |
parent | e4fad1372d59f0e65f6bab5948c7b73791aa7840 (diff) | |
download | django-d118cbb1ed5500c98e96531ec13815764867730f.tar.gz |
[4.2.x] Doc'd use of asgiref.sync adapters with sensitive variables.
Backport of 6087bc4e15e89d968396807f8485f4b5624c4f03 from main.
-rw-r--r-- | docs/howto/error-reporting.txt | 11 | ||||
-rw-r--r-- | docs/topics/async.txt | 14 |
2 files changed, 25 insertions, 0 deletions
diff --git a/docs/howto/error-reporting.txt b/docs/howto/error-reporting.txt index 95adfce755..fd465ecf6b 100644 --- a/docs/howto/error-reporting.txt +++ b/docs/howto/error-reporting.txt @@ -194,6 +194,17 @@ filtered out of error reports in a production environment (that is, where def process_info(user): ... + .. warning:: + + Due to the machinery needed to cross the sync/async boundary, + :func:`~asgiref.sync.sync_to_async` and + :func:`~asgiref.sync.async_to_sync` are **not** compatible with + ``sensitive_variables()``. + + If using these adapters with sensitive variables, ensure to audit + exception reporting, and consider implementing a :ref:`custom filter + <custom-error-reports>` if necessary. + .. function:: sensitive_post_parameters(*parameters) If one of your views receives an :class:`~django.http.HttpRequest` object diff --git a/docs/topics/async.txt b/docs/topics/async.txt index f4483501bd..65138eb2b5 100644 --- a/docs/topics/async.txt +++ b/docs/topics/async.txt @@ -338,3 +338,17 @@ trigger the thread safety checks: Rather, you should encapsulate all database access within a helper function that can be called with ``sync_to_async()`` without relying on the connection object in the calling code. + +Use with exception reporting filters +------------------------------------ + +.. warning:: + + Due to the machinery needed to cross the sync/async boundary, + ``sync_to_async()`` and ``async_to_sync()`` are **not** compatible with + :func:`~django.views.decorators.debug.sensitive_variables`, used to mask + local variables from exception reports. + + If using these adapters with sensitive variables, ensure to audit exception + reporting, and consider implementing a :ref:`custom filter + <custom-error-reports>` if necessary. |