
Steve Losh committed 67938d0

Add an option for protecting sensitive parameters.

fixes issue 18


Files changed (2)

docs/wiki/config/index.mdown

 
 This will force a fallback to a non-SSL HTTP post to Hoptoad if the SSL post fails.
 
+Hide Sensitive Request Parameters
+---------------------------------
+
+If a user submits important data (credit card numbers, for example) with a GET
+or POST request and an error occurs, that data will be passed along to
+Hoptoad. If you want to blank out the contents of certain parameters you can
+use this option:
+
+    HOPTOAD_PROTECTED_PARAMS = ['credit_card_number', 'ssn']
+
+Any parameter in this list will have its contents replaced with
+`********************` before it is sent to Hoptoad.
+
 Asynchronous POSTs and Request Handlers
 ---------------------------------------
 

hoptoad/api/htv1.py

 from django.views.debug import get_safe_settings
 from django.conf import settings
 
+from hoptoad import get_hoptoad_settings
+
+
+PROTECTED_PARAMS = frozenset(get_hoptoad_settings().get('HOPTOAD_PROTECTED_PARAMS', []))
 
 def _parse_environment(request):
     """Return an environment mapping for a notification from the given request."""
     """Return a request mapping for a notification from the given request."""
     request_get = dict( (str(k), str(v)) for (k, v) in request.GET.items() )
     request_post = dict( (str(k), str(v)) for (k, v) in request.POST.items() )
-    return request_post if request_post else request_get
+    
+    data = request_post or request_get
+    for k in PROTECTED_PARAMS.intersection(data.keys()):
+        data[k] = '********************'
+    
+    return data
 
 def _parse_session(session):
     """Return a request mapping for a notification from the given session."""
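Review bot: The masking loop added after `data = request_post or request_get` covers only the returned GET/POST mapping and matches parameter names exactly and case-sensitively, so a protected value can still reach Hoptoad by another route. For a GET request the same value also sits in the query string; if the notification carries the request URL or `request.META['QUERY_STRING']` (presumably gathered in `_parse_environment`, whose body is outside this hunk), it would be sent unmasked, which falls short of what the new wiki section promises for GET requests. I would apply the same filter wherever the URL and environment mapping are assembled, and until then state the limit in this function's docstring, e.g. `Values of HOPTOAD_PROTECTED_PARAMS keys are masked in this mapping only.` The enclosing function's `def` line is above the hunk and not visible here.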