Docs: document DEBUG_API_REQUESTS setting

(And add a system check to warn about its use in production deployment.)
2025-12-20 03:41:05 -05:00 · 2019-12-15 14:23:03 -08:00
parent 95080bfeb9
commit 0c66e1eed9
5 changed files with 63 additions and 2 deletions
--- a/anymail/apps.py
+++ b/anymail/apps.py
@@ -1,7 +1,7 @@
 from django.apps import AppConfig
 from django.core import checks

-from .checks import check_deprecated_settings
+from .checks import check_deprecated_settings, check_insecure_settings


 class AnymailBaseConfig(AppConfig):
@@ -10,3 +10,4 @@ class AnymailBaseConfig(AppConfig):

    def ready(self):
        checks.register(check_deprecated_settings)
+        checks.register(check_insecure_settings)
--- a/anymail/checks.py
+++ b/anymail/checks.py
@@ -1,6 +1,8 @@
 from django.conf import settings
 from django.core import checks

+from anymail.utils import get_anymail_setting
+

 def check_deprecated_settings(app_configs, **kwargs):
    errors = []
@@ -24,3 +26,18 @@ def check_deprecated_settings(app_configs, **kwargs):
        ))

    return errors
+
+
+def check_insecure_settings(app_configs, **kwargs):
+    errors = []
+
+    # anymail.W002: DEBUG_API_REQUESTS can leak private information
+    if get_anymail_setting("debug_api_requests", default=False) and not settings.DEBUG:
+        errors.append(checks.Warning(
+            "You have enabled the ANYMAIL setting DEBUG_API_REQUESTS, which can "
+            "leak API keys and other sensitive data into logs or the console.",
+            hint="You should not use DEBUG_API_REQUESTS in production deployment.",
+            id="anymail.W002",
+        ))
+
+    return errors