Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/config
diff options
context:
space:
mode:
authorRémy Coutable <remy@gitlab.com>2016-10-05 12:30:10 +0300
committerRémy Coutable <remy@rymai.me>2016-10-11 14:58:45 +0300
commiteebf51eeec1170b0f30df6b46bfc265988aeec39 (patch)
treeacb0518ff0a391a4d8e9459e0f7430539d8f5d83 /config
parent7d593a491f9329515d7f82e8a43972458a17d5ba (diff)
Merge branch 'raven-headers' into 'security'
Don't send Private-Token headers to Sentry Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/22537 This bumps 'raven' (the Ruby gem we use to send errors to Sentry) to version 2.0.2. We need 2.0.0 or newer to be able to sanitize HTTP headers. See merge request !2004 Signed-off-by: Rémy Coutable <remy@rymai.me>
Diffstat (limited to 'config')
-rw-r--r--config/application.rb2
-rw-r--r--config/initializers/sentry.rb4
2 files changed, 5 insertions, 1 deletions
diff --git a/config/application.rb b/config/application.rb
index 1ebdb43d662..0ae92c67829 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -50,6 +50,7 @@ module Gitlab
# - Build variables (:variables)
# - GitLab Pages SSL cert/key info (:certificate, :encrypted_key)
# - Webhook URLs (:hook)
+ # - GitLab-shell secret token (:secret_token)
# - Sentry DSN (:sentry_dsn)
# - Deploy keys (:key)
config.filter_parameters += %i(
@@ -62,6 +63,7 @@ module Gitlab
password
password_confirmation
private_token
+ secret_token
sentry_dsn
variables
)
diff --git a/config/initializers/sentry.rb b/config/initializers/sentry.rb
index 74fef7cadfe..b18acd0d769 100644
--- a/config/initializers/sentry.rb
+++ b/config/initializers/sentry.rb
@@ -15,9 +15,11 @@ if Rails.env.production?
Raven.configure do |config|
config.dsn = current_application_settings.sentry_dsn
config.release = Gitlab::REVISION
-
+
# Sanitize fields based on those sanitized from Rails.
config.sanitize_fields = Rails.application.config.filter_parameters.map(&:to_s)
+ # Sanitize authentication headers
+ config.sanitize_http_headers = %w[Authorization Private-Token]
end
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-17 15:25:15 +0300