Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stripping environment variables from the HttpInterface #2895

Merged
merged 3 commits into from May 23, 2017
Merged

Stripping environment variables from the HttpInterface #2895

merged 3 commits into from May 23, 2017

Conversation

MichielDeMey
Copy link
Contributor

@MichielDeMey MichielDeMey commented May 23, 2017
edited

Please always submit pull requests on the development branch.

Q A
Bug fix? no
New feature? yes
BC breaks? no
Deprecations? no
Tests pass? yes
Fixed tickets #452
License MIT
Doc PR https://github.com/pm2-hive/pm2-hive.github.io/pulls

Re-submit of #459

Let's try not to wait 3 years this time. 馃槈

@MichielDeMey MichielDeMey changed the title Fixes 452 Stripping environment variables from the HttpInterface May 23, 2017
soyuka
soyuka reviewed May 23, 2017
View reviewed changes
lib/HttpInterface.js Outdated
@@ -46,6 +46,17 @@ function startWebServer(pm2) {
processes: list
};

if (cst.WEB_STRIP_ENV_VARS === true) {
for (var i = data.processes.length - 1; i >= 0; i--) {
var process = data.processes[i];
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you use another variable name? This is a global nodejs variable.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point, I'll use proc.

soyuka
soyuka reviewed May 23, 2017
View reviewed changes
constants.js Outdated
@@ -80,6 +80,7 @@ var csts = {
DEBUG : process.env.PM2_DEBUG || false,
WEB_IPADDR : process.env.PM2_API_IPADDR || '0.0.0.0',
WEB_PORT : parseInt(process.env.PM2_API_PORT) || 9615,
WEB_STRIP_ENV_VARS : process.env.PM2_WEB_STRIP_ENV_VARS || true,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure about the default value for this, might break some implementations. WDYT @vmarchaud, shouldn't we set this to false by default so that things remain unchanged?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure about some internal APIs, but yeah this might introduce a breaking change. I simply opted for the "secure by default" option, but we might want to set this to false in case it does break backwards compatibility.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@soyuka The behavior shouldn't be changed yes, by default we should put it as false.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should I rename the ENV var then as well? Suggestions welcome. :)

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

name is fine to me!

@MichielDeMey
Copy link
Contributor Author

CI seems to fail on Node 6, known issue?

@soyuka
Copy link
Collaborator

soyuka commented May 23, 2017

Nothing related imo.

@vmarchaud vmarchaud merged commit 9433f1f into Unitech:development May 23, 2017
susan51531
susan51531 reviewed Nov 21, 2017
View reviewed changes
lib/HttpInterface.js

// Strip important environment variables
if (typeof proc.pm2_env === 'undefined' && typeof proc.pm2_env.env === 'undefined') return;

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe change 'return' to 'break;

http request will not be ended if return from here.

inerc pushed a commit to inerc/pm2 that referenced this pull request Feb 11, 2020
@MichielDeMey @vmarchaud
Stripping environment variables from the HttpInterface (Unitech#2895)
0242d5b 
* Fixes 452

* Renamed to `proc`

* Default to false to keep backwards compatibility
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@susan51531 susan51531 susan51531 left review comments

@vmarchaud vmarchaud vmarchaud left review comments

@soyuka soyuka soyuka approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@MichielDeMey @soyuka @susan51531 @vmarchaud