#37152: EmailMessage should block `bcc` in `extra_headers` and docs should not
suggest `bcc` is a header
-------------------------------------+-------------------------------------
     Reporter:  Natalia Bidart       |                     Type:
                                     |  Cleanup/optimization
       Status:  new                  |                Component:  Core
                                     |  (Mail)
      Version:  6.0                  |                 Severity:  Normal
     Keywords:                       |             Triage Stage:
                                     |  Unreviewed
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
 Following a security report deemed invalid, there are two related
 improvements to `EmailMessage` that we should pursue:

 1. Add `bcc` to the `extra_headers` blocklist: `EmailMessage.message()`
 already blocks `from`, `to`, `cc`, and `reply-to` from being written into
 MIME headers via `extra_headers`, but `bcc` is missing.

 2. Clarify docs to avoid saying that `bcc` is a "header": docs describe it
 as addresses used in the "Bcc header," which is inaccurate. Bcc addresses
 are passed to the SMTP server as RCPT TO recipients and never written into
 the MIME message -- there is no Bcc header in the outgoing message. The
 word "header" should be removed from that description.
-- 
Ticket URL: <https://code.djangoproject.com/ticket/37152>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
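
The distinction the ticket draws between envelope recipients and MIME headers, as an added stdlib-only sketch (not Django's code and not part of the ticket). `build()` and `bcc_headers()` are hypothetical names, the addresses are constructed, and the two sets model the current and proposed blocklists described above.

```python
from email.message import EmailMessage as MIMEMessage

# Header names the ticket says are already refused when they come from extra_headers.
CURRENT_BLOCKLIST = {"from", "to", "cc", "reply-to"}
# The ticket's proposal: refuse bcc as well.
PROPOSED_BLOCKLIST = CURRENT_BLOCKLIST | {"bcc"}


def build(to, bcc, extra_headers, blocklist):
    """Simplified sender (assumption, not Django's implementation).

    Returns (mime_message, envelope_recipients). The bcc addresses go only
    into the envelope list, which is what an SMTP client sends as RCPT TO.
    """
    msg = MIMEMessage()
    msg["From"] = "sender@example.com"  # constructed sample address
    msg["To"] = ", ".join(to)
    msg["Subject"] = "constructed sample"
    for name, value in extra_headers.items():
        if name.lower() in blocklist:  # header names are case-insensitive
            continue
        msg[name] = value
    msg.set_content("body")
    return msg, list(to) + list(bcc)


def bcc_headers(msg):
    """Check: any Bcc header present in the serialized message?"""
    return [str(v) for v in msg.get_all("Bcc", [])]


if __name__ == "__main__":
    extra = {"bcc": "hidden@example.com", "X-Campaign": "42"}
    for label, blocklist in (("current", CURRENT_BLOCKLIST),
                             ("proposed", PROPOSED_BLOCKLIST)):
        msg, rcpts = build(["a@example.com"], ["hidden@example.com"],
                           extra, blocklist)
        print(label, "Bcc headers:", bcc_headers(msg), "RCPT TO:", rcpts)
```

With the proposed set the hidden address is still delivered through the envelope list, and only the header copy supplied through `extra_headers` is dropped.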
