From b00046d2c25771bed2242680b08b524a44aa9798 Mon Sep 17 00:00:00 2001 From: Carlton Gibson Date: Wed, 22 Mar 2023 12:32:13 +0100 Subject: [PATCH] Doc'd use of asgiref.sync adapters with sensitive variables. --- docs/howto/error-reporting.txt | 11 +++++++++++ docs/topics/async.txt | 14 ++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/docs/howto/error-reporting.txt b/docs/howto/error-reporting.txt index 4e50c0e3092..875e56a51d8 100644 --- a/docs/howto/error-reporting.txt +++ b/docs/howto/error-reporting.txt @@ -194,6 +194,17 @@ filtered out of error reports in a production environment (that is, where def process_info(user): ... + .. warning:: + + Due to the machinery needed to cross the sync/async boundary, + :func:`~asgiref.sync.sync_to_async` and + :func:`~asgiref.sync.async_to_sync` are **not** compatible with + ``sensitive_variables()``. + + If using these adapters with sensitive variables, ensure to audit + exception reporting, and consider implementing a :ref:`custom filter + ` if necessary. + .. versionchanged:: 5.0 Support for wrapping ``async`` functions was added. diff --git a/docs/topics/async.txt b/docs/topics/async.txt index 96220b97c1a..95d3435e070 100644 --- a/docs/topics/async.txt +++ b/docs/topics/async.txt @@ -338,3 +338,17 @@ trigger the thread safety checks: Rather, you should encapsulate all database access within a helper function that can be called with ``sync_to_async()`` without relying on the connection object in the calling code. + +Use with exception reporting filters +------------------------------------ + +.. warning:: + + Due to the machinery needed to cross the sync/async boundary, + ``sync_to_async()`` and ``async_to_sync()`` are **not** compatible with + :func:`~django.views.decorators.debug.sensitive_variables`, used to mask + local variables from exception reports. + + If using these adapters with sensitive variables, ensure to audit exception + reporting, and consider implementing a :ref:`custom filter + ` if necessary.