On 29 Aug 2012, at 15:13, Mike Graham email@example.com wrote:
> On Wed, Aug 29, 2012 at 1:15 AM, Masklinn firstname.lastname@example.org wrote:
>> It already does: http://docs.python.org/py3k/library/cgitb.html
> Wow, nice! I vaguely knew cgitb existed as an HTML formatter, but I didn't realize how much information it showed.
> On Wed, Aug 29, 2012 at 2:11 AM, Masklinn email@example.com wrote:
>> - Maybe move the `html` formatter to wsgiref and add a trace-formatting
>> middleware which could be dropped in about any WSGI stack
> On an orthogonal note, I think it may be a bad idea to take steps that seem to encourage this sort of thing in a web app. Although there is some tradition of displaying stacktraces on errors on the web, this a) provides information the user shouldn't worry about and b) can introduce security holes (and has many times). Printing out locals, the problem only gets worse; it's easy to imagine a password or private data getting displayed on screen or transmitted via plaintext. It's of course possible to use this sort of tooling and turn it off in production, but it's not really necessary and I think it is a bad idea to make it too easy.
I don't think having middleware which needs to be added to the stack and configured makes things "too easy". Most frameworks make it way easier via a simple flag (in a settings file for django, and passed to .run for flask).
In fact, once you know of the feature's existence I'd argue a wsgi middleware is still way harder than "cgitb.enable()", and way easier *not* to enable in production.
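
The trade-off discussed in this thread, as an added example that is not part of the original messages or of any project's code: a WSGI error middleware that always logs the full traceback server-side and returns it to the client only when `debug=True` is passed explicitly. The names `ErrorMiddleware`, `leaky_app` and `call` are hypothetical, and the secret in the sample app is constructed.

```python
import logging
import sys
import traceback
import uuid
from wsgiref.util import setup_testing_defaults

log = logging.getLogger("wsgi.errors")


class ErrorMiddleware:
    """Log the full traceback server-side; show it to the client only if debug=True."""

    def __init__(self, app, debug=False):  # off unless explicitly enabled
        self.app = app
        self.debug = debug

    def __call__(self, environ, start_response):
        try:
            result = self.app(environ, start_response)
            try:
                # Materialise the body so errors raised during iteration are caught too.
                return list(result)
            finally:
                if hasattr(result, "close"):
                    result.close()
        except Exception:
            incident = uuid.uuid4().hex  # lets support match a report to the log entry
            trace = traceback.format_exc()
            log.error("incident %s\n%s", incident, trace)
            text = trace if self.debug else "Internal Server Error (incident %s)\n" % incident
            body = text.encode("utf-8")
            headers = [("Content-Type", "text/plain; charset=utf-8"),
                       ("Content-Length", str(len(body)))]
            # Passing exc_info lets the server discard headers the app already set.
            start_response("500 Internal Server Error", headers, sys.exc_info())
            return [body]


def leaky_app(environ, start_response):
    """Constructed sample app: its exception message carries a secret."""
    raise RuntimeError("db login failed, password=hunter2-constructed")


def call(app):
    """Drive one request through `app`; return (status, body bytes)."""
    seen = {}
    environ = {}
    setup_testing_defaults(environ)
    body = b"".join(app(environ, lambda status, headers, exc_info=None: seen.update(status=status)))
    return seen["status"], body
```

The server-side log still contains the secret, so it needs the same access controls as any other sensitive data store.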