tagteam
Insufficient redaction for environment dumps
The environment dump you get when there's an internal error isn't being redacted thoroughly enough. These items appear to contain secrets, and should be entirely redacted:
- SECRET_KEY_BASE
- action_dispatch.request.unsigned_session_cookie
- action_dispatch.secret_key_base
- action_dispatch.secret_token
- rack.request.cookie_hash
- rack.request.cookie_string
The :exception_recipients field of exception_notifier.options should also be redacted, as it exposes people's email addresses.
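As an added illustration (this is example code, not tagteam's own redaction code), the following Ruby pass shows what "entirely redacted" looks like in practice for a Rack env hash: the keys listed above are replaced wholesale rather than partially scrubbed, the nested :exception_recipients option is handled separately because it lives inside exception_notifier.options, and a final check confirms that none of the raw secret values survive into the rendered dump. The sample env values are constructed; the pattern-based catch-all (which also covers HTTP_COOKIE, the raw header that rack.request.cookie_string is derived from) is an assumption added here and goes beyond the issue's explicit list.

```ruby
# Added example, not tagteam's code: deny-list redaction of a Rack env hash
# before it is rendered into an internal-error report.

REDACTED = '[REDACTED]'.freeze

# Keys named in the issue; their values are replaced wholesale.
SECRET_ENV_KEYS = %w[
  SECRET_KEY_BASE
  action_dispatch.request.unsigned_session_cookie
  action_dispatch.secret_key_base
  action_dispatch.secret_token
  rack.request.cookie_hash
  rack.request.cookie_string
].freeze

# Nested entries: top-level env key => option keys inside it that must be redacted.
SECRET_NESTED_KEYS = {
  'exception_notifier.options' => [:exception_recipients]
}.freeze

# Assumption (not in the issue): a catch-all so that keys such as HTTP_COOKIE,
# which carry the same data as the enumerated ones, are redacted as well.
SECRET_KEY_PATTERN = /secret|token|cookie|password/i

# Returns a copy of env with secret-bearing entries replaced by REDACTED.
def redact_env(env)
  env.each_with_object({}) do |(key, value), out|
    key_s = key.to_s
    if SECRET_ENV_KEYS.include?(key_s) || key_s.match?(SECRET_KEY_PATTERN)
      out[key] = REDACTED
    elsif SECRET_NESTED_KEYS.key?(key_s) && value.is_a?(Hash)
      out[key] = redact_nested(value, SECRET_NESTED_KEYS[key_s])
    else
      out[key] = value
    end
  end
end

# Redacts only the named option keys inside a nested hash; other options stay visible.
def redact_nested(hash, secret_keys)
  hash.each_with_object({}) do |(k, v), out|
    out[k] = secret_keys.include?(k) ? REDACTED : v
  end
end

# Verification step: render the env the way a report would and return any raw
# secret values that still appear. An empty result means the dump is clean.
def leaked_values(env, secret_values)
  dump = env.inspect
  secret_values.select { |v| dump.include?(v) }
end

# Constructed sample env; every secret-looking value here is made up.
SAMPLE_ENV = {
  'REQUEST_METHOD' => 'GET',
  'PATH_INFO' => '/tags/ruby',
  'SECRET_KEY_BASE' => 'deadbeef-sample-secret-key-base',
  'HTTP_COOKIE' => '_session=abc123',
  'rack.request.cookie_string' => '_session=abc123',
  'rack.request.cookie_hash' => { '_session' => 'abc123' },
  'action_dispatch.secret_token' => 'sample-secret-token',
  'action_dispatch.secret_key_base' => 'deadbeef-sample-secret-key-base',
  'action_dispatch.request.unsigned_session_cookie' => { 'user_id' => 42 },
  'exception_notifier.options' => {
    exception_recipients: ['admin@example.com'],
    email_prefix: '[tagteam] '
  }
}.freeze

if __FILE__ == $PROGRAM_NAME
  redacted = redact_env(SAMPLE_ENV)
  puts redacted.inspect
  leaks = leaked_values(redacted, ['abc123', 'deadbeef-sample-secret-key-base', 'admin@example.com'])
  puts(leaks.empty? ? 'dump is clean' : "still leaking: #{leaks.inspect}")
end
```

The point of `leaked_values` is that a redaction list is only as good as its last omission; checking the rendered output against the known secret values turns "looks redacted" into a testable property, and the same check fails loudly if a new secret-bearing key appears in the env later.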