Don't send Private-Token headers to Sentry

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/22537
author: Jacob Vosmaer <jacob@gitlab.com> 2016-10-04 16:35:41 +0200
committer: Jacob Vosmaer <jacob@gitlab.com> 2016-10-04 16:57:01 +0200
commit: 437bebb0ff6e7deba6fd157ec6b55112e125731f (patch)
tree: bd6eaf4bc4fe25d95a9390299fd3b3d44311acef /config/initializers
parent: 5e4418b23850947752134a04e4e42a1a22c7aac9 (diff)
download: gitlab-ce-437bebb0ff6e7deba6fd157ec6b55112e125731f.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/config/initializers/sentry.rb b/config/initializers/sentry.rb
index 5892c1de024..4f30d1265c8 100644
--- a/config/initializers/sentry.rb
+++ b/config/initializers/sentry.rb
@@ -18,6 +18,8 @@ if Rails.env.production?
       
       # Sanitize fields based on those sanitized from Rails.
       config.sanitize_fields = Rails.application.config.filter_parameters.map(&:to_s)
+      # Sanitize authentication headers
+      config.sanitize_http_headers = %w[Authorization Private-Token]
       config.tags = { program: Gitlab::Sentry.program_context }
     end
   end
author	Jacob Vosmaer <jacob@gitlab.com>	2016-10-04 16:35:41 +0200
committer	Jacob Vosmaer <jacob@gitlab.com>	2016-10-04 16:57:01 +0200
commit	437bebb0ff6e7deba6fd157ec6b55112e125731f (patch)
tree	bd6eaf4bc4fe25d95a9390299fd3b3d44311acef /config/initializers
parent	5e4418b23850947752134a04e4e42a1a22c7aac9 (diff)
download	gitlab-ce-437bebb0ff6e7deba6fd157ec6b55112e125731f.tar.gz