Comments (5)
I was wondering if you've had the chance to look at this. It seems to be a security issue as the secret key base is how most of the security on Rails is handled. So I think it should not be exposed.
from exception_notification.
For me it shows up as:
* action_dispatch.secret_key_base : [FILTERED]
Did you set up your `Rails.application.config.filter_parameters` correctly?
from exception_notification.
No, I did not realize that exception_notification was using `filter_parameters`.
Should it be like
`Rails.application.config.filter_parameters += [:password, :secret_key_base]`
Would you accept a PR that gives more information about `filter_parameters`?
Update:
I can confirm that
`Rails.application.config.filter_parameters += [:password, :secret_key_base]` removes the `:secret_key_base`.
from exception_notification.
The default for a Rails 6 app is this, it is what I use:
`config/initializers/filter_parameter_logging.rb`:
```ruby
# Be sure to restart your server when you modify this file.
# Configure sensitive parameters which will be filtered from the log file.
Rails.application.config.filter_parameters += [
  :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
]
```
I'm not the original author, so I cannot accept your PR if you create one.
from exception_notification.
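The thread above turns on which filter list actually masks `action_dispatch.secret_key_base` in a notification. The following is an added example, not code from the thread or from exception_notification: a plain-Ruby simplified model that assumes each symbol in `filter_parameters` is a case-insensitive partial match on the key name, and reports which sensitive-looking env keys a given list leaves readable. The helper names, `SENSITIVE_HINT`, and the sample env (including `HTTP_X_API_TOKEN`) are constructed for illustration.

```ruby
# Simplified model of key filtering (assumption: every symbol/string filter
# is a case-insensitive partial match on the key name). Not Rails' own code.
MASK = "[FILTERED]"

def build_matcher(filters)
  return nil if filters.empty?
  Regexp.new(filters.map { |f| Regexp.escape(f.to_s) }.join("|"), Regexp::IGNORECASE)
end

# Returns a copy of env with the value of every matching key masked.
def filter_env(env, filters)
  matcher = build_matcher(filters)
  env.to_h do |key, value|
    [key, matcher && matcher.match?(key.to_s) ? MASK : value]
  end
end

# Hypothetical heuristic for "this key name looks sensitive".
SENSITIVE_HINT = /secret|passw|token|_key|salt/i

# Keys that look sensitive but stay readable under the given filter list.
def unfiltered_sensitive_keys(env, filters)
  filter_env(env, filters)
    .select { |key, value| key.match?(SENSITIVE_HINT) && value != MASK }
    .keys
end

# Constructed sample of a Rack env as it could appear in a notification.
SAMPLE_ENV = {
  "REQUEST_METHOD" => "GET",
  "PATH_INFO" => "/orders/42",
  "action_dispatch.secret_key_base" => "constructed-not-a-real-key",
  "HTTP_X_API_TOKEN" => "constructed-token"
}.freeze

if __FILE__ == $PROGRAM_NAME
  [
    [:password],                          # misses secret_key_base
    [:password, :secret_key_base],        # the list confirmed in the thread
    [:passw, :secret, :token, :_key]      # subset of the Rails 6 default list
  ].each do |filters|
    leaked = unfiltered_sensitive_keys(SAMPLE_ENV, filters)
    puts "#{filters.inspect} leaves readable: #{leaked.inspect}"
  end
end
```

Run against a dump of a real notification's env section, the same check shows whether the app's filter list needs broader fragments such as `:secret` or `:_key`.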