Don't send Private-Token headers to Sentry

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/22537
author: Jacob Vosmaer <jacob@gitlab.com> 2016-10-04 17:35:41 +0300
committer: Jacob Vosmaer <jacob@gitlab.com> 2016-10-04 17:57:01 +0300
commit: 437bebb0ff6e7deba6fd157ec6b55112e125731f (patch)
tree: bd6eaf4bc4fe25d95a9390299fd3b3d44311acef /config
parent: 5e4418b23850947752134a04e4e42a1a22c7aac9 (diff)
2 files changed, 4 insertions, 0 deletions
diff --git a/config/application.rb b/config/application.rb
index 4792f6670a8..f5c900da8cf 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -50,6 +50,7 @@ module Gitlab
     # - Build variables (:variables)
     # - GitLab Pages SSL cert/key info (:certificate, :encrypted_key)
     # - Webhook URLs (:hook)
+    # - GitLab-shell secret token (:secret_token)
     # - Sentry DSN (:sentry_dsn)
     # - Deploy keys (:key)
     config.filter_parameters += %i(
@@ -62,6 +63,7 @@ module Gitlab
       password
       password_confirmation
       private_token
+      secret_token
       sentry_dsn
       variables
     )
diff --git a/config/initializers/sentry.rb b/config/initializers/sentry.rb
index 5892c1de024..4f30d1265c8 100644
--- a/config/initializers/sentry.rb
+++ b/config/initializers/sentry.rb
@@ -18,6 +18,8 @@ if Rails.env.production?
       
       # Sanitize fields based on those sanitized from Rails.
       config.sanitize_fields = Rails.application.config.filter_parameters.map(&:to_s)
+      # Sanitize authentication headers
+      config.sanitize_http_headers = %w[Authorization Private-Token]
       config.tags = { program: Gitlab::Sentry.program_context }
     end
   end
author	Jacob Vosmaer <jacob@gitlab.com>	2016-10-04 17:35:41 +0300
committer	Jacob Vosmaer <jacob@gitlab.com>	2016-10-04 17:57:01 +0300
commit	437bebb0ff6e7deba6fd157ec6b55112e125731f (patch)
tree	bd6eaf4bc4fe25d95a9390299fd3b3d44311acef /config
parent	5e4418b23850947752134a04e4e42a1a22c7aac9 (diff)