
Fixed #35646 -- Extended SafeExceptionReporterFilter.hidden_settings to treat `AUTH` as a sensitive match.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Markus Holtermann 7 月之前
aa90795050
共有 4 個文件被更改,包括 11 次插入4 次删除
  1. 1 1
      django/views/debug.py
  2. 5 1
      docs/howto/error-reporting.txt
  3. 2 1
      docs/releases/5.2.txt
  4. 3 1
      tests/view_tests/tests/test_debug.py

+ 1 - 1
django/views/debug.py

@@ -113,7 +113,7 @@ class SafeExceptionReporterFilter:
 
     cleansed_substitute = "********************"
     hidden_settings = _lazy_re_compile(
-        "API|TOKEN|KEY|SECRET|PASS|SIGNATURE|HTTP_COOKIE", flags=re.I
+        "API|AUTH|TOKEN|KEY|SECRET|PASS|SIGNATURE|HTTP_COOKIE", flags=re.I
     )
 
     def cleanse_setting(self, key, value):
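Review bot: The new `AUTH` alternative on the `hidden_settings` line is a case-insensitive substring match, so it cleanses not only credential-like names but also non-secret settings such as `AUTH_USER_MODEL`, `AUTHENTICATION_BACKENDS` and `AUTH_PASSWORD_VALIDATORS`, which will now render as the substitute string in debug reports. Over-cleansing is the safe direction for an error-reporting filter, but the trade-off is not stated anywhere in the code and a future maintainer may try to "fix" the false positives by narrowing the pattern. A one-line comment above the compile call would pin the intent, e.g. `# Substring match on purpose: hiding a harmless AUTH_USER_MODEL beats leaking a credential.` The enclosing class `SafeExceptionReporterFilter` starts before this hunk and continues after it.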

+ 5 - 1
docs/howto/error-reporting.txt

@@ -282,7 +282,11 @@ following attributes and methods:
 
             import re
 
-            re.compile(r"API|TOKEN|KEY|SECRET|PASS|SIGNATURE|HTTP_COOKIE", flags=re.IGNORECASE)
+            re.compile(r"API|AUTH|TOKEN|KEY|SECRET|PASS|SIGNATURE|HTTP_COOKIE", flags=re.IGNORECASE)
+
+        .. versionchanged:: 5.2
+
+            The term ``AUTH`` was added.
 
     .. method:: is_active(request)
 

+ 2 - 1
docs/releases/5.2.txt

@@ -150,7 +150,8 @@ Email
 Error Reporting
 ~~~~~~~~~~~~~~~
 
-* ...
+* The attribute :attr:`.SafeExceptionReporterFilter.hidden_settings` now
+  treats values as sensitive if their name includes ``AUTH``.
 
 File Storage
 ~~~~~~~~~~~~

+ 3 - 1
tests/view_tests/tests/test_debug.py

@@ -1557,7 +1557,8 @@ class ExceptionReporterFilterTests(
         "SECRET_KEY_FALLBACKS",
         "PASSWORD",
         "API_KEY",
-        "AUTH_TOKEN",
+        "SOME_TOKEN",
+        "MY_AUTH",
     ]
 
     def test_non_sensitive_request(self):
@@ -1885,6 +1886,7 @@ class ExceptionReporterFilterTests(
             "PASSWORD": "super secret",
             "SECRET_VALUE": "super secret",
             "SOME_TOKEN": "super secret",
+            "THE_AUTH": "super secret",
         }
         request = self.rf.get("/", headers=headers)
         reporter_filter = SafeExceptionReporterFilter()
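Review bot: The header added at `"THE_AUTH": "super secret",` is a constructed name, while the header this change most visibly protects in practice is the standard `Authorization` header, which reaches the filter as `HTTP_AUTHORIZATION` and is matched only because `AUTH` is a substring of it; nothing in either hunk pins that case. Adding `"Authorization": "super secret",` next to the new entry would make the test fail if the substring semantics were ever narrowed, which is the regression that matters. This presumes the test compares the cleansed request META against the headers dict; the assertions live outside the hunk, so confirm that before adding the line. The same substring reliance applies to the `MY_AUTH` entry in the first hunk of this file, where a `SOME_AUTHORIZATION`-style name would document it for settings as well.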