Menu
Rails has built in log filtering so you don't log passwords and credit cards. Works great for that but when you want to trigger a custom log (like to email) and send your own params or other data along with it, the parameters are obviously not auto-filtered. I have been digging and trying to find this in the rails source but have had no luck so far.
I have configured rails to filter parameters as follows and it works properly for keeping the data out of rails logs:
config.filter_parameters += [:password, :password_confirmation, :credit_card] How would you filter sensitive data from the params hash before dumping it into an email, api call or custom (non-rails) log?
470
Rails has built in log filtering so you don't log passwords and credit cards. Works great for that but when you want to trigger a custom log (like to email) and send your own params or other data along with it, the parameters are obviously not auto-filtered.
Filters are methods that are run "before", "after" or "around" a controller action. Filters are inherited, so if you set a filter on ApplicationController , it will be run on every controller in your application.
Sidenote for filtering the log in Rails 4+: The config.filter_parameters has been moved from application.rb to it's own initializer.
config/initializers/filter_parameter_logging.rb
Rails.application.config.filter_parameters += [:password] If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
