kotovalexarian-likes-github/puma--puma
1
0
Fork 0
mirror of https://github.com/puma/puma.git synced 2022-11-09 13:48:40 -05:00
Code Releases Activity

Remove environment from parse_error

Browse source 
Environment hash can contain headers, parameters, and much more about the request
This unfortunately means that we may be logging authentication credentials, such as basic auth
And a lot more without the users' knowledge.

This only happens during a log to stderr, but it is still worth noting.
This commit is contained in:
Julian Nadeau 2017-05-30 14:50:07 -04:00
parent 378f386a04
commit 9b42180369
No known key found for this signature in database
GPG key ID: CAD41019602B5DC8
1 changed files with 1 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
lib/puma/events.rb
View file

@ -91,8 +91,7 @@ module Puma
# parsing exception.
#
def parse_error(server, env, error)
@stderr.puts "#{Time.now}: HTTP parse error, malformed request (#{env[HTTP_X_FORWARDED_FOR] || env[REMOTE_ADDR]}): #{error.inspect}"
@stderr.puts "#{Time.now}: ENV: #{env.inspect}\n---\n"
@stderr.puts "#{Time.now}: HTTP parse error, malformed request (#{env[HTTP_X_FORWARDED_FOR] || env[REMOTE_ADDR]}): #{error.inspect}\n---\n"
end
# An SSL error has occurred.