Allows you to specify sensitive parameters which will be replaced from the request log by looking in the query string of the request and all sub-hashes of the params hash to filter. Filtering only certain sub-keys from a hash is possible by using the dot notation: 'credit_card.number'. If a block is given, each key and value of the params hash and all sub-hashes are passed to it, where the value or the key can be replaced using String#replace or similar methods.
env["action_dispatch.parameter_filter"] = [:password] => replaces the value to all keys matching /password/i with "[FILTERED]" env["action_dispatch.parameter_filter"] = [:foo, "bar"] => replaces the value to all keys matching /foo|bar/i with "[FILTERED]" env["action_dispatch.parameter_filter"] = [ /\Apin\z/i, /\Apin_/i ] => replaces the value for the exact (case-insensitive) key 'pin' and all (case-insensitive) keys beginning with 'pin_', with "[FILTERED]" Does not match keys with 'pin' as a substring, such as 'shipping_id'. env["action_dispatch.parameter_filter"] = [ "credit_card.code" ] => replaces { credit_card: {code: "xxxx"} } with "[FILTERED]", does not change { file: { code: "xxxx"} } env["action_dispatch.parameter_filter"] = -> (k, v) do v.reverse! if k.match?(/secret/i) end => reverses the value to all keys matching /secret/i
# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 39 def initialize super @filtered_parameters = nil @filtered_env = nil @filtered_path = nil end
# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 54 def filtered_env @filtered_env ||= env_filter.filter(@env) end
Returns a hash of request.env with all sensitive data replaced.
# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 47 def filtered_parameters @filtered_parameters ||= parameter_filter.filter(parameters) rescue ActionDispatch::Http::Parameters::ParseError @filtered_parameters = {} end
Returns a hash of parameters with all sensitive data replaced.
# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 59 def filtered_path @filtered_path ||= query_string.empty? ? path : "#{path}?#{filtered_query_string}" end
Reconstructs a path with all sensitive GET parameters replaced.
# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 70 def env_filter # :doc: user_key = fetch_header("action_dispatch.parameter_filter") { return NULL_ENV_FILTER } parameter_filter_for(Array(user_key) + ENV_MATCH) end
# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 83 def filtered_query_string # :doc: query_string.gsub(PAIR_RE) do |_| parameter_filter.filter($1 => $2).first.join("=") end end
# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 64 def parameter_filter # :doc: parameter_filter_for fetch_header("action_dispatch.parameter_filter") { return NULL_PARAM_FILTER } end
# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 77 def parameter_filter_for(filters) # :doc: ActiveSupport::ParameterFilter.new(filters) end
© 2004–2021 David Heinemeier Hansson
Licensed under the MIT License.