From b7a36e7fd09d3093e6fabf19b3d2b13b4a88f8d2 Mon Sep 17 00:00:00 2001 From: Martin Edenhofer Date: Sun, 19 Oct 2014 09:52:09 +0200 Subject: [PATCH] Strip out passwords. Just log non ui track requests. --- .../javascripts/app/lib/app_init/track.js.coffee | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/app/assets/javascripts/app/lib/app_init/track.js.coffee b/app/assets/javascripts/app/lib/app_init/track.js.coffee index d38594b59..e350ab1b6 100644 --- a/app/assets/javascripts/app/lib/app_init/track.js.coffee +++ b/app/assets/javascripts/app/lib/app_init/track.js.coffee @@ -24,9 +24,9 @@ class _trackSingleton @trackId = 'track-' + new Date().getTime() + '-' + Math.floor( Math.random() * 99999 ) @browser = App.Browser.detection() @data = [] +# @url = 'http://localhost:3005/api/v1/ui' # @url = 'https://log.znuny.com/api/ui' @url = 'https://portal.znuny.com/api/v1/ui' -# @url = 'api/ui' @log( 'start', 'notice', {} ) @@ -60,13 +60,19 @@ class _trackSingleton # log ajax calls $(document).bind( 'ajaxComplete', ( e, request, settings ) => - length = @url.length - if settings.url.substr(0,length) isnt @url && settings.url.substr(0,6) isnt 'api/ui' + + # do not log ui requests + if settings.url && settings.url.substr(0,3) isnt '/ui' level = 'notice' responseText = '' if request.status >= 400 level = 'error' responseText = request.responseText + + # delete passwords form data + if settings.data && typeof settings.data is 'string' + settings.data = settings.data.replace(/"password":".+?"/gi, '"password":"xxx"') + @log( 'ajax.send', level, @@ -85,7 +91,7 @@ class _trackSingleton $(window).bind( 'beforeunload' => - @log( 'end', 'notice', {} ) + @log( 'good bye', 'notice', {} ) @send(false) return )