Comments (5)
thebravoman
commented on September 27, 2024
I was wondering if you've had the chance to look at this. It seems to be a security issue as the secret key base is how most of the security on rails is handled. So I think it should not be exposed
from exception_notification.
frenkel
commented on September 27, 2024
For me it shows up as:
* action_dispatch.secret_key_base : [FILTERED]
Did you setup your Rails.application.config.filter_parameters correctly?
from exception_notification.
thebravoman
commented on September 27, 2024
No, I did not realize that exception_notification was using filter_parameters
Should it be like
Rails.application.config.filter_parameters += [:password, :secret_key_base]
Would you accept a PR that gives more information about filter_parameters?
Update:
I can confirm that
Rails.application.config.filter_parameters += [:password, :secret_key_base] removes the :secret_key_base
from exception_notification.
frenkel
commented on September 27, 2024
The default for a Rails 6 app is this, it is what I use:
config/initializers/filter_parameter_logging.rb :
# Be sure to restart your server when you modify this file.
# Configure sensitive parameters which will be filtered from the log file.
Rails.application.config.filter_parameters += [
:passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
]
I'm not the original author, so I cannot accept your PR if you create one.
from exception_notification.
thebravoman
commented on September 27, 2024
Got it.
I am running this platform since rails 2 and there was only one filtered
param.
Will add the rest.
…On Tue, Aug 17, 2021, 13:48 Frank Groeneveld ***@***.***> wrote:
The default for a Rails 6 app is this, it is what I use:
config/initializers/filter_parameter_logging.rb :
# Be sure to restart your server when you modify this file.
# Configure sensitive parameters which will be filtered from the log file.
Rails.application.config.filter_parameters += [
:passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
]
I'm not the original author, so I cannot accept your PR if you create one.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#507 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAKAGBJV4VACNUYA65YNKB3T5I47TANCNFSM44EAPA7A>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email>
.
from exception_notification.
Related Issues (20)
- New exception to add to ignored_exceptions HOT 2
- link in the readme IS NOT AVAILABLE HOT 1
- Access to env through `notification_trigger` callback
- Add ability to control how exceptions are grouped for error_grouping HOT 1
- HTTP Authorization Header
- Additional data doesn't show in teams notification HOT 3
- Ignore_notifier_if settings are not respected in non-Rack usages such as background jobs. HOT 1
- Rails 7 is out ! HOT 4
- Psych 4 incompatible HOT 1
- Update rubocop configuration
- Gem's package includes `examples` directory
- Rails 7 API only exception not working HOT 3
- Google Chat is not sending error notification
- Can't find stack trace in the email notification HOT 1
- Error counts for grouped exception notifications are updated inconsistently, causing duplicate alerts
- Add new default exception to ignore for Rack::Utils::InvalidParameterError
- ignore_crawlers not working when used in Rails initializer HOT 1
- DEPRECATION: Sidekiq exception handlers now take three arguments
- webhook notifier.IOError: not opened for reading HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from exception_notification.