mirror of
				https://github.com/django/django.git
				synced 2025-10-25 06:36:07 +00:00 
			
		
		
		
	[4.2.x] Doc'd use of asgiref.sync adapters with sensitive variables.
Backport of 6087bc4e15 from main.
			
			
This commit is contained in:
		| @@ -194,6 +194,17 @@ filtered out of error reports in a production environment (that is, where | |||||||
|             def process_info(user): |             def process_info(user): | ||||||
|                 ... |                 ... | ||||||
|  |  | ||||||
|  |     .. warning:: | ||||||
|  |  | ||||||
|  |         Due to the machinery needed to cross the sync/async boundary, | ||||||
|  |         :func:`~asgiref.sync.sync_to_async` and | ||||||
|  |         :func:`~asgiref.sync.async_to_sync` are **not** compatible with | ||||||
|  |         ``sensitive_variables()``. | ||||||
|  |  | ||||||
|  |         If using these adapters with sensitive variables, ensure to audit | ||||||
|  |         exception reporting, and consider implementing a :ref:`custom filter | ||||||
|  |         <custom-error-reports>` if necessary. | ||||||
|  |  | ||||||
| .. function:: sensitive_post_parameters(*parameters) | .. function:: sensitive_post_parameters(*parameters) | ||||||
|  |  | ||||||
|     If one of your views receives an :class:`~django.http.HttpRequest` object |     If one of your views receives an :class:`~django.http.HttpRequest` object | ||||||
|   | |||||||
| @@ -338,3 +338,17 @@ trigger the thread safety checks: | |||||||
| Rather, you should encapsulate all database access within a helper function | Rather, you should encapsulate all database access within a helper function | ||||||
| that can be called with ``sync_to_async()`` without relying on the connection | that can be called with ``sync_to_async()`` without relying on the connection | ||||||
| object in the calling code. | object in the calling code. | ||||||
|  |  | ||||||
|  | Use with exception reporting filters | ||||||
|  | ------------------------------------ | ||||||
|  |  | ||||||
|  | .. warning:: | ||||||
|  |  | ||||||
|  |     Due to the machinery needed to cross the sync/async boundary, | ||||||
|  |     ``sync_to_async()`` and ``async_to_sync()`` are **not** compatible with | ||||||
|  |     :func:`~django.views.decorators.debug.sensitive_variables`, used to mask | ||||||
|  |     local variables from exception reports. | ||||||
|  |  | ||||||
|  |     If using these adapters with sensitive variables, ensure to audit exception | ||||||
|  |     reporting, and consider implementing a :ref:`custom filter | ||||||
|  |     <custom-error-reports>` if necessary. | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user