From 075cf4c800063e3cc65c3d41a9c23222e8ebb554 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Wed, 11 Jan 2023 23:27:14 +0100
Subject: API avoid logging passwords (#5001)

* API avoid logging passwords
* Strip passwords and tokens from API logs
* Only log failed requests information when in debug mode

* Remove debug SHA

* Clean also Apache logs

* Better comments

* Redact also token parameters

* shfmt

* Simplify whitespace

* redacted
---
 Docker/FreshRSS.Apache.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'Docker')

diff --git a/Docker/FreshRSS.Apache.conf b/Docker/FreshRSS.Apache.conf
index 2cfb9cbf9..6281e59e5 100644
--- a/Docker/FreshRSS.Apache.conf
+++ b/Docker/FreshRSS.Apache.conf
@@ -4,7 +4,7 @@ DocumentRoot /var/www/FreshRSS/p/
 RemoteIPHeader X-Forwarded-For
 RemoteIPTrustedProxy 10.0.0.1/8 172.16.0.1/12 192.168.0.1/16
 LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_proxy
-CustomLog /dev/stdout combined_proxy
+CustomLog "|/var/www/FreshRSS/cli/sensitive-log.sh" combined_proxy
 ErrorLog /dev/stderr
 AllowEncodedSlashes On
 ServerTokens OS
-- 
cgit v1.2.3