Insufficient redaction for environment dumps

Question

Insufficient redaction for environment dumps

Opened this issue 7 years ago · 0 comments

The environment dump you get when there's an internal error isn't being redacted thoroughly enough. These items appear to contain secrets, and should be entirely redacted:

SECRET_KEY_BASE
action_dispatch.request.unsigned_session_cookie
action_dispatch.secret_key_base
action_dispatch.secret_token
rack.request.cookie_hash
rack.request.cookie_string

The :exception_recipients field of exception_notifier.options should also be redacted, as it exposes people's email addresses.