Skip to content

Commit

Permalink
Merge pull request #1053 from maykinmedia/fix/2130-axes-hide-incorrec…
Browse files Browse the repository at this point in the history 
…t-password

🔒 [#2130] Obfuscate incorrect password in Axes logs
  • Loading branch information
@alextreme
alextreme authored Feb 27, 2024
2 parents db9db6f + 083d51b commit e54631a
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions src/open_inwoner/conf/base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -630,6 +630,9 @@
AXES_USE_USER_AGENT = True # Default: False
AXES_LOCK_OUT_BY_COMBINATION_USER_AND_IP = True # Default: False
AXES_BEHIND_REVERSE_PROXY = IS_HTTPS
# By default, Axes obfuscates values for formfields named "password", but the admin
# interface login formfield name is "auth-password", so we obfuscate that as well
AXES_SENSITIVE_PARAMETERS = ["password", "auth-password"] # nosec

# The default meta precedence order
IPWARE_META_PRECEDENCE_ORDER = (
Expand Down

0 comments on commit e54631a

Please sign in to comment.