I was a bit surprised to learn that server side stdout is displayed in the client console. I’m evaluating all of my debug statements right now for what information I could be leaking.
What I’m trying to do:
I would like server side logging and print statements to never find their way to the client side.
My initial thought was to use logging throughout and only add a stdout handler when I’m in a debug environment. Something like this:
```python
import logging

import anvil.app

logger = logging.getLogger(__name__)
logger.setLevel(logging.DEBUG)

if 'debug' in anvil.app.environment.tags:
    # Only connect stdout in debug env.
    import sys
    handler = logging.StreamHandler(sys.stdout)
    logger.addHandler(handler)
```
Recommendations?
I was wondering what everyone else was doing to keep server side logging information from the client.
Leaking stdout example:
ServerModule:
```python
import anvil.server

SECRET = '13cec7b2b0984fbb9317a259833035db'

@anvil.server.callable
def server_print_statement() -> None:
    # Server-side print: this output also shows up in the client console.
    print(f"Server side print: {SECRET}")
    return None
```
Client:
```python
import anvil.server
from ._anvil_designer import FormTemplate

class Form(FormTemplate):
    def __init__(self, **properties):
        self.init_components(**properties)
        print('calling server side print -> This leaks secrets')
        anvil.server.call('server_print_statement')
```
This sends the print statement to the client as well as the server app logs.
Live Example
Try searching the console for the secret value above.
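The logging approach proposed in the post, as an added example that is not part of the original post or Anvil's own code: a stdout handler is attached only when `debug` is among the environment tags, which are passed in as a plain list (an assumption standing in for `anvil.app.environment.tags`, so the code runs outside Anvil). It also handles propagation to root handlers and the standard library's last-resort stderr handler; bare `print()` calls are not covered by it.

```python
import contextlib
import io
import logging
import sys


def configure_logger(name, env_tags):
    """Return a logger that writes to stdout only when 'debug' is in env_tags.

    env_tags is a stand-in for anvil.app.environment.tags (assumption).
    """
    logger = logging.getLogger(name)
    logger.setLevel(logging.DEBUG)
    # Do not pass records up to root handlers, which may write to stdout/stderr.
    logger.propagate = False
    # A module can be imported more than once; avoid stacking handlers.
    for old in list(logger.handlers):
        logger.removeHandler(old)
    if 'debug' in env_tags:
        handler = logging.StreamHandler(sys.stdout)
        handler.setFormatter(
            logging.Formatter('%(levelname)s %(name)s: %(message)s'))
    else:
        # With no handler at all, logging.lastResort still prints WARNING and
        # above to stderr; a NullHandler makes the silence explicit.
        handler = logging.NullHandler()
    logger.addHandler(handler)
    return logger


def emitted_output(env_tags):
    """Log a debug and a warning record; return (stdout, stderr) text."""
    out, err = io.StringIO(), io.StringIO()
    with contextlib.redirect_stdout(out), contextlib.redirect_stderr(err):
        log = configure_logger('demo.server_module', env_tags)
        secret = 'constructed-sample-secret'  # constructed, not a real key
        log.debug('loaded secret %s', secret)
        log.warning('secret rotation overdue')
    return out.getvalue(), err.getvalue()


if __name__ == '__main__':
    print(repr(emitted_output(['debug'])))
    print(repr(emitted_output(['production'])))
```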