Bug 1202510
Summary: | Phusion Passenger Displays Environment Variables | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Brenton Leanhardt <bleanhar> |
Component: | ImageStreams | Assignee: | Jason DeTiberus <jdetiber> |
Status: | CLOSED ERRATA | QA Contact: | libra bugs <libra-bugs> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 2.2.0 | CC: | adellape, gpei, jhou, jialiu, jokerman, libra-bugs, libra-onpremise-devel, lmeyer, maszulik, mmccomas, pruan, steve.arnold |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | Phusion Passenger | ||
Fixed In Version: | openshift-origin-cartridge-ruby-1.30.5.1-1.el6op | Doc Type: | Bug Fix |
Doc Text: |
When using the Ruby cartridge, environment variables and their values were displayed on error pages to users when Phusion Passenger failed, containing potentially sensitive information. These pages are known as "friendly error pages", and by default in Passenger are not supposed to be revealed when the Rails environment is set to "staging" or "production". However, even though the cartridge default was set to "production", these pages still appeared. This bug fix updates the Ruby cartridge to include additional logic to ensure that the friendly error pages are disabled by default, unless the Rails environment has been set specifically to "development". After applying this update, a cartridge upgrade is required.
|
Story Points: | --- |
Clone Of: | 1191517 | Environment: | |
Last Closed: | 2015-04-06 17:06:44 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1191517 | ||
Bug Blocks: |
Description
Brenton Leanhardt
2015-03-16 18:55:39 UTC
Verify this bug with openshift-origin-cartridge-ruby-1.30.5.1-1.el6op 1. Create a rails app with the rails-example quickstart rhc create-app rails2 ruby-2.0 mysql-5.1 --from-code https://github.com/openshift/rails-example.git 2. Add following to config.ru, then commit and push updates. map '/error' do raise Error.new end 3. Access $app_url/error, got an error page which said "We're sorry, but something went wrong (500)" 4. Set RAILS_ENV=development and restart the app. rhc env set RAILS_ENV=development -a rails2 Access $app_url/error. It returns all the errors and environment variables. 5. Set RAILS_ENV=production and restart the app. rhc env set RAILS_ENV=production -a rails2 Access $app_url/error. It returns an error page which said "We're sorry, but something went wrong." Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0779.html |