Added redirect to filtered params

Merge branch 'security-906-glpat-logging-16-0' into '16-0-stable-ee' See merge request gitlab-org/security/gitlab!3443 Changelog: security

Added redirect to filtered params
49ffc2cc · Smriti Garg · GitLab Release Tools Bot · 09c1f37e · 49ffc2cc
Commit 49ffc2cc authored 1 year ago by Smriti Garg Committed by GitLab Release Tools Bot 1 year ago
--- a/config/application.rb
+++ b/config/application.rb
@@ -171,6 +171,7 @@ class Application < Rails::Application
    # - Any parameter containing `password`
    # - Any parameter containing `secret`
    # - Any parameter ending with `key`
+    # - Any parameter named `redirect`, filtered for security concerns of exposing sensitive information
    # - Two-factor tokens (:otp_attempt)
    # - Repo/Project Import URLs (:import_url)
    # - Build traces (:trace)
@@ -213,6 +214,7 @@ class Application < Rails::Application
      variables
      content
      sharedSecret
+      redirect
    )
  
    # Enable escaping HTML in JSON.