2
0

error-reporting.txt 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383
  1. =============================
  2. How to manage error reporting
  3. =============================
  4. When you're running a public site you should always turn off the
  5. :setting:`DEBUG` setting. That will make your server run much faster, and will
  6. also prevent malicious users from seeing details of your application that can be
  7. revealed by the error pages.
  8. However, running with :setting:`DEBUG` set to ``False`` means you'll never see
  9. errors generated by your site -- everyone will instead see your public error
  10. pages. You need to keep track of errors that occur in deployed sites, so Django
  11. can be configured to create reports with details about those errors.
  12. Email reports
  13. =============
  14. Server errors
  15. -------------
  16. When :setting:`DEBUG` is ``False``, Django will email the users listed in the
  17. :setting:`ADMINS` setting whenever your code raises an unhandled exception and
  18. results in an internal server error (strictly speaking, for any response with
  19. an HTTP status code of 500 or greater). This gives the administrators immediate
  20. notification of any errors. The :setting:`ADMINS` will get a description of the
  21. error, a complete Python traceback, and details about the HTTP request that
  22. caused the error.
  23. .. note::
  24. In order to send email, Django requires a few settings telling it
  25. how to connect to your mail server. At the very least, you'll need
  26. to specify :setting:`EMAIL_HOST` and possibly
  27. :setting:`EMAIL_HOST_USER` and :setting:`EMAIL_HOST_PASSWORD`,
  28. though other settings may be also required depending on your mail
  29. server's configuration. Consult :doc:`the Django settings
  30. documentation </ref/settings>` for a full list of email-related
  31. settings.
  32. By default, Django will send email from root@localhost. However, some mail
  33. providers reject all email from this address. To use a different sender
  34. address, modify the :setting:`SERVER_EMAIL` setting.
  35. To activate this behavior, put the email addresses of the recipients in the
  36. :setting:`ADMINS` setting.
  37. .. seealso::
  38. Server error emails are sent using the logging framework, so you can
  39. customize this behavior by :doc:`customizing your logging configuration
  40. </topics/logging>`.
  41. 404 errors
  42. ----------
  43. Django can also be configured to email errors about broken links (404 "page
  44. not found" errors). Django sends emails about 404 errors when:
  45. * :setting:`DEBUG` is ``False``;
  46. * Your :setting:`MIDDLEWARE` setting includes
  47. :class:`django.middleware.common.BrokenLinkEmailsMiddleware`.
  48. If those conditions are met, Django will email the users listed in the
  49. :setting:`MANAGERS` setting whenever your code raises a 404 and the request has
  50. a referer. It doesn't bother to email for 404s that don't have a referer --
  51. those are usually people typing in broken URLs or broken web bots. It also
  52. ignores 404s when the referer is equal to the requested URL, since this
  53. behavior is from broken web bots too.
  54. .. note::
  55. :class:`~django.middleware.common.BrokenLinkEmailsMiddleware` must appear
  56. before other middleware that intercepts 404 errors, such as
  57. :class:`~django.middleware.locale.LocaleMiddleware` or
  58. :class:`~django.contrib.flatpages.middleware.FlatpageFallbackMiddleware`.
  59. Put it toward the top of your :setting:`MIDDLEWARE` setting.
  60. You can tell Django to stop reporting particular 404s by tweaking the
  61. :setting:`IGNORABLE_404_URLS` setting. It should be a list of compiled
  62. regular expression objects. For example::
  63. import re
  64. IGNORABLE_404_URLS = [
  65. re.compile(r"\.(php|cgi)$"),
  66. re.compile(r"^/phpmyadmin/"),
  67. ]
  68. In this example, a 404 to any URL ending with ``.php`` or ``.cgi`` will *not* be
  69. reported. Neither will any URL starting with ``/phpmyadmin/``.
  70. The following example shows how to exclude some conventional URLs that browsers and
  71. crawlers often request::
  72. import re
  73. IGNORABLE_404_URLS = [
  74. re.compile(r"^/apple-touch-icon.*\.png$"),
  75. re.compile(r"^/favicon\.ico$"),
  76. re.compile(r"^/robots\.txt$"),
  77. ]
  78. (Note that these are regular expressions, so we put a backslash in front of
  79. periods to escape them.)
  80. If you'd like to customize the behavior of
  81. :class:`django.middleware.common.BrokenLinkEmailsMiddleware` further (for
  82. example to ignore requests coming from web crawlers), you should subclass it
  83. and override its methods.
  84. .. seealso::
  85. 404 errors are logged using the logging framework. By default, these log
  86. records are ignored, but you can use them for error reporting by writing a
  87. handler and :doc:`configuring logging </topics/logging>` appropriately.
  88. .. _filtering-error-reports:
  89. Filtering error reports
  90. =======================
  91. .. warning::
  92. Filtering sensitive data is a hard problem, and it's nearly impossible to
  93. guarantee that sensitive data won't leak into an error report. Therefore,
  94. error reports should only be available to trusted team members and you
  95. should avoid transmitting error reports unencrypted over the internet
  96. (such as through email).
  97. Filtering sensitive information
  98. -------------------------------
  99. .. currentmodule:: django.views.decorators.debug
  100. Error reports are really helpful for debugging errors, so it is generally
  101. useful to record as much relevant information about those errors as possible.
  102. For example, by default Django records the `full traceback`_ for the
  103. exception raised, each `traceback frame`_’s local variables, and the
  104. :class:`~django.http.HttpRequest`’s :ref:`attributes<httprequest-attributes>`.
  105. However, sometimes certain types of information may be too sensitive and thus
  106. may not be appropriate to be kept track of, for example a user's password or
  107. credit card number. So in addition to filtering out settings that appear to be
  108. sensitive as described in the :setting:`DEBUG` documentation, Django offers a
  109. set of function decorators to help you control which information should be
  110. filtered out of error reports in a production environment (that is, where
  111. :setting:`DEBUG` is set to ``False``): :func:`sensitive_variables` and
  112. :func:`sensitive_post_parameters`.
  113. .. _`full traceback`: https://en.wikipedia.org/wiki/Stack_trace
  114. .. _`traceback frame`: https://en.wikipedia.org/wiki/Stack_frame
  115. .. function:: sensitive_variables(*variables)
  116. If a function (either a view or any regular callback) in your code uses
  117. local variables susceptible to contain sensitive information, you may
  118. prevent the values of those variables from being included in error reports
  119. using the ``sensitive_variables`` decorator::
  120. from django.views.decorators.debug import sensitive_variables
  121. @sensitive_variables("user", "pw", "cc")
  122. def process_info(user):
  123. pw = user.pass_word
  124. cc = user.credit_card_number
  125. name = user.name
  126. ...
  127. In the above example, the values for the ``user``, ``pw`` and ``cc``
  128. variables will be hidden and replaced with stars (``**********``)
  129. in the error reports, whereas the value of the ``name`` variable will be
  130. disclosed.
  131. To systematically hide all local variables of a function from error logs,
  132. do not provide any argument to the ``sensitive_variables`` decorator::
  133. @sensitive_variables()
  134. def my_function(): ...
  135. .. admonition:: When using multiple decorators
  136. If the variable you want to hide is also a function argument (e.g.
  137. '``user``’ in the following example), and if the decorated function has
  138. multiple decorators, then make sure to place ``@sensitive_variables``
  139. at the top of the decorator chain. This way it will also hide the
  140. function argument as it gets passed through the other decorators::
  141. @sensitive_variables("user", "pw", "cc")
  142. @some_decorator
  143. @another_decorator
  144. def process_info(user): ...
  145. .. function:: sensitive_post_parameters(*parameters)
  146. If one of your views receives an :class:`~django.http.HttpRequest` object
  147. with :attr:`POST parameters<django.http.HttpRequest.POST>` susceptible to
  148. contain sensitive information, you may prevent the values of those
  149. parameters from being included in the error reports using the
  150. ``sensitive_post_parameters`` decorator::
  151. from django.views.decorators.debug import sensitive_post_parameters
  152. @sensitive_post_parameters("pass_word", "credit_card_number")
  153. def record_user_profile(request):
  154. UserProfile.create(
  155. user=request.user,
  156. password=request.POST["pass_word"],
  157. credit_card=request.POST["credit_card_number"],
  158. name=request.POST["name"],
  159. )
  160. ...
  161. In the above example, the values for the ``pass_word`` and
  162. ``credit_card_number`` POST parameters will be hidden and replaced with
  163. stars (``**********``) in the request's representation inside the
  164. error reports, whereas the value of the ``name`` parameter will be
  165. disclosed.
  166. To systematically hide all POST parameters of a request in error reports,
  167. do not provide any argument to the ``sensitive_post_parameters`` decorator::
  168. @sensitive_post_parameters()
  169. def my_view(request): ...
  170. All POST parameters are systematically filtered out of error reports for
  171. certain :mod:`django.contrib.auth.views` views (``login``,
  172. ``password_reset_confirm``, ``password_change``, and ``add_view`` and
  173. ``user_change_password`` in the ``auth`` admin) to prevent the leaking of
  174. sensitive information such as user passwords.
  175. .. _custom-error-reports:
  176. Custom error reports
  177. --------------------
  178. All :func:`sensitive_variables` and :func:`sensitive_post_parameters` do is,
  179. respectively, annotate the decorated function with the names of sensitive
  180. variables and annotate the ``HttpRequest`` object with the names of sensitive
  181. POST parameters, so that this sensitive information can later be filtered out
  182. of reports when an error occurs. The actual filtering is done by Django's
  183. default error reporter filter:
  184. :class:`django.views.debug.SafeExceptionReporterFilter`. This filter uses the
  185. decorators' annotations to replace the corresponding values with stars
  186. (``**********``) when the error reports are produced. If you wish to
  187. override or customize this default behavior for your entire site, you need to
  188. define your own filter class and tell Django to use it via the
  189. :setting:`DEFAULT_EXCEPTION_REPORTER_FILTER` setting::
  190. DEFAULT_EXCEPTION_REPORTER_FILTER = "path.to.your.CustomExceptionReporterFilter"
  191. You may also control in a more granular way which filter to use within any
  192. given view by setting the ``HttpRequest``’s ``exception_reporter_filter``
  193. attribute::
  194. def my_view(request):
  195. if request.user.is_authenticated:
  196. request.exception_reporter_filter = CustomExceptionReporterFilter()
  197. ...
  198. .. currentmodule:: django.views.debug
  199. Your custom filter class needs to inherit from
  200. :class:`django.views.debug.SafeExceptionReporterFilter` and may override the
  201. following attributes and methods:
  202. .. class:: SafeExceptionReporterFilter
  203. .. attribute:: cleansed_substitute
  204. The string value to replace sensitive value with. By default it
  205. replaces the values of sensitive variables with stars
  206. (``**********``).
  207. .. attribute:: hidden_settings
  208. A compiled regular expression object used to match settings and
  209. ``request.META`` values considered as sensitive. By default equivalent
  210. to::
  211. import re
  212. re.compile(r"API|AUTH|TOKEN|KEY|SECRET|PASS|SIGNATURE|HTTP_COOKIE", flags=re.IGNORECASE)
  213. .. versionchanged:: 5.2
  214. The term ``AUTH`` was added.
  215. .. method:: is_active(request)
  216. Returns ``True`` to activate the filtering in
  217. :meth:`get_post_parameters` and :meth:`get_traceback_frame_variables`.
  218. By default the filter is active if :setting:`DEBUG` is ``False``. Note
  219. that sensitive ``request.META`` values are always filtered along with
  220. sensitive setting values, as described in the :setting:`DEBUG`
  221. documentation.
  222. .. method:: get_post_parameters(request)
  223. Returns the filtered dictionary of POST parameters. Sensitive values
  224. are replaced with :attr:`cleansed_substitute`.
  225. .. method:: get_traceback_frame_variables(request, tb_frame)
  226. Returns the filtered dictionary of local variables for the given
  227. traceback frame. Sensitive values are replaced with
  228. :attr:`cleansed_substitute`.
  229. If you need to customize error reports beyond filtering you may specify a
  230. custom error reporter class by defining the
  231. :setting:`DEFAULT_EXCEPTION_REPORTER` setting::
  232. DEFAULT_EXCEPTION_REPORTER = "path.to.your.CustomExceptionReporter"
  233. The exception reporter is responsible for compiling the exception report data,
  234. and formatting it as text or HTML appropriately. (The exception reporter uses
  235. :setting:`DEFAULT_EXCEPTION_REPORTER_FILTER` when preparing the exception
  236. report data.)
  237. Your custom reporter class needs to inherit from
  238. :class:`django.views.debug.ExceptionReporter`.
  239. .. class:: ExceptionReporter
  240. .. attribute:: html_template_path
  241. Property that returns a :class:`pathlib.Path` representing the absolute
  242. filesystem path to a template for rendering the HTML representation of
  243. the exception. Defaults to the Django provided template.
  244. .. attribute:: text_template_path
  245. Property that returns a :class:`pathlib.Path` representing the absolute
  246. filesystem path to a template for rendering the plain-text
  247. representation of the exception. Defaults to the Django provided
  248. template.
  249. .. method:: get_traceback_data()
  250. Return a dictionary containing traceback information.
  251. This is the main extension point for customizing exception reports, for
  252. example::
  253. from django.views.debug import ExceptionReporter
  254. class CustomExceptionReporter(ExceptionReporter):
  255. def get_traceback_data(self):
  256. data = super().get_traceback_data()
  257. # ... remove/add something here ...
  258. return data
  259. .. method:: get_traceback_html()
  260. Return HTML version of exception report.
  261. Used for HTML version of debug 500 HTTP error page.
  262. .. method:: get_traceback_text()
  263. Return plain text version of exception report.
  264. Used for plain text version of debug 500 HTTP error page and email
  265. reports.
  266. As with the filter class, you may control which exception reporter class to use
  267. within any given view by setting the ``HttpRequest``’s
  268. ``exception_reporter_class`` attribute::
  269. def my_view(request):
  270. if request.user.is_authenticated:
  271. request.exception_reporter_class = CustomExceptionReporter()
  272. ...
  273. .. seealso::
  274. You can also set up custom error reporting by writing a custom piece of
  275. :ref:`exception middleware <exception-middleware>`. If you do write custom
  276. error handling, it's a good idea to emulate Django's built-in error handling
  277. and only report/log errors if :setting:`DEBUG` is ``False``.