From a13ed64f5d715cfe1e6bf2b60fa09ab78323a944 Mon Sep 17 00:00:00 2001
From: Lloyd Hilaiel <lloyd@hilaiel.com>
Date: Fri, 9 Mar 2012 13:34:53 -0700
Subject: [PATCH] don't log more information than is needed in
 browserid-metrics.json - strip everything from referrer except origin - issue
 #1283

---
 lib/metrics.js | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/lib/metrics.js b/lib/metrics.js
index a5961661a..399dea903 100644
--- a/lib/metrics.js
+++ b/lib/metrics.js
@@ -21,7 +21,8 @@ const
 winston = require("winston"),
 configuration = require("./configuration"),
 path = require('path'),
-fs = require('fs');
+fs = require('fs'),
+urlparse = require('urlparse');
 
 // go through the configuration and determine log location
 // for now we only log to one place
@@ -78,9 +79,17 @@ exports.userEntry = function(req) {
   var ipAddress = req.connection.remoteAddress;
   if (req.headers['x-real-ip']) ipAddress = req.headers['x-real-ip'];
 
+  var referer = null;
+  try {
+    // don't log more than we need
+    referer = urlparse(req.headers['referer']).originOnly().toString();
+  } catch(e) {
+    // ignore malformed referrers.  just log null
+  }
+
   exports.report('signin', {
     browser: req.headers['user-agent'],
-    rp: req.headers['referer'],
+    rp: referer,
     // IP address (this probably needs to be replaced with the X-forwarded-for value
     ip: ipAddress
   });
-- 
GitLab