Sunstone - Sinatra shows exceptions by default #3751

Closed
7 tasks
xBytez opened this issue Sep 20, 2019 · 2 comments
Comments

@xBytez
Contributor

xBytez commented Sep 20, 2019

Description
When triggering an error in the sunstone-server, the user is given a full stack trace with a lot of debug info. This should be disabled by default to prevent information disclosure.

To Reproduce

Expected behavior
I expected Sinatra to return

<h1>Internal Server Error</h1>

Details

  • Affected Component: Sunstone
  • Hypervisor: vCenter (not related)
  • Version: 5.8.1 (and latest from master)

Additional context
Add any other context about the problem here.

You can fix this by setting the environment for sunstone-server to production by default. You can do so by:

  • Setting set :environment, :production in sunstone-server.rb (preferred, APP_ENV overrides this)
  • Setting an environment variable "APP_ENV" to production in the service file

Progress Status

  • Branch created
  • Code committed to development branch
  • Testing - QA
  • Documentation
  • Release notes - resolved issues, compatibility, known issues
  • Code committed to upstream release/hotfix branches
  • Documentation committed to upstream release/hotfix branches
@vholer
Contributor

vholer commented Oct 8, 2019

I guess this setting should be based on :env in the sunstone-server.conf. If it's set to prod (by default), it should set the production environment in Sinatra as well. Right now it only takes different CSS/JS files.

jloboescalona2 pushed a commit to jloboescalona2/one that referenced this issue Dec 3, 2019
Signed-off-by: Jorge Lobo <jlobo@opennebula.systems>
tinova pushed a commit that referenced this issue Dec 3, 2019
Signed-off-by: Jorge Lobo <jlobo@opennebula.systems>
jloboescalona2 pushed a commit to jloboescalona2/docs that referenced this issue Dec 3, 2019
Signed-off-by: Jorge Lobo <jlobo@opennebula.systems>
tinova pushed a commit that referenced this issue Dec 3, 2019
Signed-off-by: Jorge Lobo <jlobo@opennebula.systems>
(cherry picked from commit f141633)
tinova pushed a commit to OpenNebula/docs that referenced this issue Dec 3, 2019
Signed-off-by: Jorge Lobo <jlobo@opennebula.systems>
@jloboescalona2
Contributor

@tinova PR to approve:
- ONE: #4015
- Docs: OpenNebula/docs#856

@tinova tinova closed this as completed Dec 3, 2019
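
An added example, not part of the thread and not OpenNebula's code: a minimal Rack-style middleware in plain Ruby that returns the generic response xBytez expected and, following vholer's suggestion, keys the behaviour on :env from a sunstone-server.conf style YAML string. The class name GenericErrorPage, the demo helper and the sample error message are assumptions made for illustration.

```ruby
require 'yaml'
require 'logger'
require 'stringio'

# Hypothetical Rack middleware, not part of Sunstone. It decides how much error
# detail to expose from the :env key of a sunstone-server.conf style YAML file.
class GenericErrorPage
  BODY = '<h1>Internal Server Error</h1>'.freeze

  def initialize(app, conf_yaml, logger)
    conf = YAML.safe_load(conf_yaml, permitted_classes: [Symbol]) || {}
    # Fail closed: only an explicit 'dev' lets exceptions reach a debug page.
    @debug = conf[:env] == 'dev'
    @app = app
    @logger = logger
  end

  def call(env)
    @app.call(env)
  rescue StandardError => e
    raise if @debug # development: let the framework's debug page handle it

    # Production: the full detail goes to the server log only.
    @logger.error("#{e.class}: #{e.message}\n#{Array(e.backtrace).join("\n")}")
    [500, { 'content-type' => 'text/html' }, [BODY]]
  end
end

# Constructed sample input: an app whose error message carries internal detail.
FAILING_APP = ->(_env) { raise 'constructed internal detail: /constructed/path' }

# Runs one request through the middleware and reports what each side sees.
def demo(conf_yaml)
  log = StringIO.new
  app = GenericErrorPage.new(FAILING_APP, conf_yaml, Logger.new(log))
  status, _headers, body = app.call({})
  { status: status, body: body.join, log: log.string }
rescue StandardError => e
  { reraised: e.message }
end

if __FILE__ == $PROGRAM_NAME
  p demo(":env: 'prod'\n") # client gets the generic page, log keeps the trace
  p demo(":env: 'dev'\n")  # exception propagates to the debug handler
end
```

A missing or unrecognised :env value is treated as production, so a broken config file cannot switch stack traces back on.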