Commit 6e1b52b8 authored by Douwe Maan's avatar Douwe Maan Committed by Alejandro Rodríguez

Merge branch 'rs-filter-authentication_token' into 'security'

Add authentication_token to filter_parameters list

See merge request !2041
parent 47bc0125
...@@ -45,7 +45,7 @@ module Gitlab ...@@ -45,7 +45,7 @@ module Gitlab
# #
# Parameters filtered: # Parameters filtered:
# - Password (:password, :password_confirmation) # - Password (:password, :password_confirmation)
# - Private tokens (:private_token) # - Private tokens (:private_token, :authentication_token)
# - Two-factor tokens (:otp_attempt) # - Two-factor tokens (:otp_attempt)
# - Repo/Project Import URLs (:import_url) # - Repo/Project Import URLs (:import_url)
# - Build variables (:variables) # - Build variables (:variables)
...@@ -55,6 +55,7 @@ module Gitlab ...@@ -55,6 +55,7 @@ module Gitlab
# - Sentry DSN (:sentry_dsn) # - Sentry DSN (:sentry_dsn)
# - Deploy keys (:key) # - Deploy keys (:key)
config.filter_parameters += %i( config.filter_parameters += %i(
authentication_token
certificate certificate
encrypted_key encrypted_key
hook hook
......
...@@ -15,7 +15,7 @@ if Rails.env.production? ...@@ -15,7 +15,7 @@ if Rails.env.production?
Raven.configure do |config| Raven.configure do |config|
config.dsn = current_application_settings.sentry_dsn config.dsn = current_application_settings.sentry_dsn
config.release = Gitlab::REVISION config.release = Gitlab::REVISION
# Sanitize fields based on those sanitized from Rails. # Sanitize fields based on those sanitized from Rails.
config.sanitize_fields = Rails.application.config.filter_parameters.map(&:to_s) config.sanitize_fields = Rails.application.config.filter_parameters.map(&:to_s)
# Sanitize authentication headers # Sanitize authentication headers
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment