disable browser error messages display with DEBUG=True

Hi good day.
I came across with a strange request, they want to prevent the browser from displaying any error messages, but keeping setting “DEBUG=True”
Does someone has this setting work?. I have tried several approaches but none has work for me.

Thanks in advance

What are they hoping to gain from that?

What specifically have you tried?

See Customizing error views

(And I agree with the previous response - this doesn’t pass the “sniff test” - I’d be really curious as to the reasoning behind this, because this seems like an improper workaround for a deeper issue.)

Well, right now I’m not sure. The truth is regardless of what for I’d expected to be a little more easy to disable the browser errors… xD

Well I have tried 3 things:

strike 1:
I have created custom functions for every type of error in views.py file on my ROOT_URLCONF app such as

def custom_404_view(request, exception=None):
    return render(request, 'dev_404.html', status=404)

def custom_400_view(request, exception=None):
    return render(request, 'dev_404.html', status=400)

def custom_500_view(request):
    return render(request, 'dev_404.html', status=500)

Then on my urls.py file, I’ve imported the file:

from django.conf.urls import handler404, handler400, handler500
from myapp.views import custom_404_view, custom_400_view, custom_500_view
handler404 = custom_404_view
handler400 = custom_400_view
handler500 = custom_500_view

urlpatterns = [
    # the rest of the paths
]

Strike 2:
A middleware, I create at the my ROOT_URLCONF app a middleware.py file with:

from django.shortcuts import render
from django.conf import settings
from django.core.exceptions import DisallowedHost

class Dev404Middleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        response = self.get_response(request)
        
        if response.status_code == 404 and settings.DEBUG:
            return render(request, 'dev_404.html', status=404)
        return response

class Dev500Middleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        response = self.get_response(request)
        
        if response.status_code == 500 and settings.DEBUG:
            return render(request, 'dev_404.html', status=500)
        return response
    
class Dev400Middleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        response = self.get_response(request)
        
        if response.status_code == 400 and settings.DEBUG:
            return render(request, 'dev_404.html', status=400)
        return response
    

class HandleDisallowedHostMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        try:
            response = self.get_response(request)
        except DisallowedHost:
            
            return render(request, 'dev_404.html', status=400)
            
        return response

Then I add them as the middleware variable on my settings file

MIDDLEWARE = [
    'myapp.middleware.Dev404Middleware',
    'myapp.middleware.Dev400Middleware',
    'myapp.middleware.Dev500Middleware',
    'myapp.middleware.HandleDisallowedHostMiddleware',
    # the rest of the middlewares
]

strike 3
logging settings, on settings file I added this:

LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'handlers': {
        'null': {
            'level': 'DEBUG',
            'class': 'logging.NullHandler',
        },
    },
    'loggers': {
        'django.security.DisallowedHost': {
            'handlers': ['null'],
            'propagate': False,
        },
    },
}

The first and the second try help me for example to disable the errors for the “not found page” but I haven’t been able for example to disable “DisallowedHost” which seems to be the more difficult.
(i have tried several combinations but it seems I haven’t get the right settings )

I think it’s more understandable when you consider why DEBUG=True exists.

It’s for use during the development process. It causes several internal facilities to behave differently, to aide the development and debugging processes. It is not something that should be set in a production-style environment - and that’s where this question would be coming from.

If you’re deploying a system with DEBUG=True, then that is the underlying mistake, and the inadvertent disclosure of data on error pages is only one issue.

The problem here is that the HttpResponse that you are attempting to create from the render function is itself throwing the DisallowedHost error in the process of attempting to render the response. You can’t use the request object in preparing the response, because it’s not a valid request.

You can either:

• Load static html from a file and pass it in the constructor of an HttpResponse object,
  or
• Use the render function on a SimpleTemplateResponse object as the response.

Then try to get some certainty. Whatever reason it is, trying to hide the errors is the wrong and insecure thing to do.