Added redirect to filtered params

Merge branch 'security-906-glpat-logging' into 'master' See merge request gitlab-org/security/gitlab!3418 Changelog: security

Added redirect to filtered params
a3b01e38 · Smriti Garg · Reuben Pereira · ea931f1b · a3b01e38
--- a/config/application.rb
+++ b/config/application.rb
@@ -186,6 +186,7 @@ class Application < Rails::Application
    # - Any parameter containing `password`
    # - Any parameter containing `secret`
    # - Any parameter ending with `key`
+    # - Any parameter named `redirect`, filtered for security concerns of exposing sensitive information
    # - Two-factor tokens (:otp_attempt)
    # - Repo/Project Import URLs (:import_url)
    # - Build traces (:trace)
@@ -228,6 +229,7 @@ class Application < Rails::Application
      variables
      content
      sharedSecret
+      redirect
    )

    # This config option can be removed after Rails 7.1 by https://gitlab.com/gitlab-org/gitlab/-/issues/416270