From cf1df71d4043c425a83d4176206c953b7626cbc8 Mon Sep 17 00:00:00 2001 From: f Date: Thu, 11 Jan 2024 18:13:52 -0300 Subject: [PATCH] =?UTF-8?q?fix:=20especificar=20qu=C3=A9=20parametros=20de?= =?UTF-8?q?=20airbrake=20permitimos=20#14956?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit (cherry picked from commit c22276f74f9de7fa8fa69d42db2e32b1455b6b1d) --- app/controllers/api/v1/notices_controller.rb | 38 ++++++++++++++++++-- 1 file changed, 35 insertions(+), 3 deletions(-) diff --git a/app/controllers/api/v1/notices_controller.rb b/app/controllers/api/v1/notices_controller.rb index 3d74a48f..8f384f1a 100644 --- a/app/controllers/api/v1/notices_controller.rb +++ b/app/controllers/api/v1/notices_controller.rb @@ -9,10 +9,10 @@ module Api # Generar un stacktrace en segundo plano y enviarlo por correo # solo si la API key es verificable. Del otro lado siempre # respondemos con lo mismo. - def create + def create if (site&.airbrake_valid? airbrake_token) && !detected_device.bot? BacktraceJob.perform_later site_id: params[:site_id], - params: airbrake_params.to_h + params: airbrake_params.to_h end render status: 201, json: { id: 1, url: '' } @@ -23,7 +23,39 @@ module Api # XXX: Por alguna razón Airbrake envía los datos con Content-Type: # text/plain. def airbrake_params - @airbrake_params ||= params.merge!(FastJsonparser.parse(request.raw_post) || {}).permit! + @airbrake_params ||= + params.merge!(FastJsonparser.parse(request.raw_post) || {}) + .permit( + { + errors: [ + :type, + :message, + { backtrace: %i[file line column function] } + ] + }, + { + context: [ + :url, + :language, + :severity, + :userAgent, + :windowError, + :rootDirectory, + { + history: [ + :date, + :type, + :severity, + :target, + :method, + :duration, + :statusCode, + { arguments: [] } + ] + } + ] + } + ) end def site