mirror of
https://0xacab.org/sutty/sutty
synced 2024-11-22 05:06:21 +00:00
fix: anonimizar encabezados
This commit is contained in:
parent
1f4b1b5fce
commit
12d515e2ac
1 changed files with 15 additions and 1 deletions
|
@ -6,6 +6,8 @@
|
||||||
class RegistrationsController < Devise::RegistrationsController
|
class RegistrationsController < Devise::RegistrationsController
|
||||||
class SpambotError < StandardError; end
|
class SpambotError < StandardError; end
|
||||||
|
|
||||||
|
PRIVATE_HEADERS = /(cookie|secret|token)/i
|
||||||
|
|
||||||
prepend_before_action :anti_spambot_traps, only: %i[create]
|
prepend_before_action :anti_spambot_traps, only: %i[create]
|
||||||
prepend_after_action :lock_spambots, only: %i[create]
|
prepend_after_action :lock_spambots, only: %i[create]
|
||||||
|
|
||||||
|
@ -34,7 +36,7 @@ class RegistrationsController < Devise::RegistrationsController
|
||||||
def anti_spambot_traps
|
def anti_spambot_traps
|
||||||
raise SpambotError if spambot?
|
raise SpambotError if spambot?
|
||||||
rescue SpambotError => e
|
rescue SpambotError => e
|
||||||
ExceptionNotifier.notify_exception(e, data: { params: anonymized_params, headers: request.headers.to_h })
|
ExceptionNotifier.notify_exception(e, data: { params: anonymized_params, headers: anonymized_headers })
|
||||||
nil
|
nil
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -49,6 +51,18 @@ class RegistrationsController < Devise::RegistrationsController
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Devuelve los encabezados de la petición sin información sensible de
|
||||||
|
# Rails
|
||||||
|
#
|
||||||
|
# @return [Hash]
|
||||||
|
def anonymized_headers
|
||||||
|
request.headers.to_h.select do |_, v|
|
||||||
|
v.is_a? String
|
||||||
|
end.reject do |k, _|
|
||||||
|
k =~ PRIVATE_HEADERS
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
# Si le usuarie es considerade spambot, no enviamos el correo de
|
# Si le usuarie es considerade spambot, no enviamos el correo de
|
||||||
# confirmación al crear la cuenta.
|
# confirmación al crear la cuenta.
|
||||||
def sign_up_params
|
def sign_up_params
|
||||||
|
|
Loading…
Reference in a new issue