Merge commit 'dev/security' into 'master'

Signed-off-by: Rémy Coutable <remy@rymai.me>
author: Rémy Coutable <remy@rymai.me> 2016-10-06 09:33:11 +0300
committer: Rémy Coutable <remy@rymai.me> 2016-10-06 09:33:11 +0300
commit: d51bb99a7e7c4dce4abefbf4967aa69054066c3b (patch)
tree: a6aba13ef5161890bbebd0b48bfc36ad3d8f8223 /config/initializers
parent: 7e493b11546f15f7871a249474edf6afd418af89 (diff)
parent: 3f57ea0c0ba55f2612997acfb531f83a70b73323 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/config/initializers/sentry.rb b/config/initializers/sentry.rb
index 5892c1de024..4f30d1265c8 100644
--- a/config/initializers/sentry.rb
+++ b/config/initializers/sentry.rb
@@ -18,6 +18,8 @@ if Rails.env.production?
       
       # Sanitize fields based on those sanitized from Rails.
       config.sanitize_fields = Rails.application.config.filter_parameters.map(&:to_s)
+      # Sanitize authentication headers
+      config.sanitize_http_headers = %w[Authorization Private-Token]
       config.tags = { program: Gitlab::Sentry.program_context }
     end
   end
author	Rémy Coutable <remy@rymai.me>	2016-10-06 09:33:11 +0300
committer	Rémy Coutable <remy@rymai.me>	2016-10-06 09:33:11 +0300
commit	d51bb99a7e7c4dce4abefbf4967aa69054066c3b (patch)
tree	a6aba13ef5161890bbebd0b48bfc36ad3d8f8223 /config/initializers
parent	7e493b11546f15f7871a249474edf6afd418af89 (diff)
parent	3f57ea0c0ba55f2612997acfb531f83a70b73323 (diff)