author | Jacob Vosmaer <jacob@gitlab.com> | 2016-10-04 17:35:41 +0300 |
---|---|---|
committer | Jacob Vosmaer <jacob@gitlab.com> | 2016-10-04 17:57:01 +0300 |
commit | 437bebb0ff6e7deba6fd157ec6b55112e125731f (patch) | |
tree | bd6eaf4bc4fe25d95a9390299fd3b3d44311acef /config | |
parent | 5e4418b23850947752134a04e4e42a1a22c7aac9 (diff) |
Don't send Private-Token headers to Sentry
Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/22537
Diffstat (limited to 'config')
-rw-r--r-- | config/application.rb | 2 | ||||
-rw-r--r-- | config/initializers/sentry.rb | 2 |
2 files changed, 4 insertions, 0 deletions
diff --git a/config/application.rb b/config/application.rb
index 4792f6670a8..f5c900da8cf 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -50,6 +50,7 @@ module Gitlab
 # - Build variables (:variables)
 # - GitLab Pages SSL cert/key info (:certificate, :encrypted_key)
 # - Webhook URLs (:hook)
+ # - GitLab-shell secret token (:secret_token)
 # - Sentry DSN (:sentry_dsn)
 # - Deploy keys (:key)
 config.filter_parameters += %i(
@@ -62,6 +63,7 @@ module Gitlab
 password
 password_confirmation
 private_token
+ secret_token
 sentry_dsn
 variables
 )
diff --git a/config/initializers/sentry.rb b/config/initializers/sentry.rb
index 5892c1de024..4f30d1265c8 100644
--- a/config/initializers/sentry.rb
+++ b/config/initializers/sentry.rb
@@ -18,6 +18,8 @@ if Rails.env.production?
 # Sanitize fields based on those sanitized from Rails.
 config.sanitize_fields = Rails.application.config.filter_parameters.map(&:to_s)
+ # Sanitize authentication headers
+ config.sanitize_http_headers = %w[Authorization Private-Token]
 config.tags = { program: Gitlab::Sentry.program_context }
 end
 end |
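Review bot: The comment block above `config.filter_parameters` in config/application.rb does not say that this list is also what Sentry scrubs, although the sentry.rb hunk of this same commit shows `config.sanitize_fields` being derived from it. I would add a line to that block such as `# NOTE: config/initializers/sentry.rb reuses this list as Sentry's sanitize_fields`, so that removing or renaming an entry, including the `secret_token` added in the second hunk, is understood to affect error reports as well as request logs. The comment block and the `%i(` list both start above this hunk and continue past it.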
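Review bot: The new `config.sanitize_http_headers = %w[Authorization Private-Token]` in config/initializers/sentry.rb is a hard-coded list of two names, so any other credential-bearing header the application accepts now or later would still be forwarded to Sentry unless it is scrubbed somewhere else. Nothing visible in the hunk shows how the client matches these names, so a spec that sends a request with the token header in whatever casing clients use, and asserts the captured event carries a masked value, would confirm the setting does what the commit title promises. I would also widen the comment to state the maintenance rule, for example `# Sanitize authentication headers; list every header that can carry a credential`. The enclosing configuration block opens above the hunk.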