Allow partial strings on Rails filter_parameters for meta_data_filters
#776
+10
−10
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hi @yykamei, Thanks for the PR, we will review when priorities allow. |
|
Hi @johnkiely1, I'm curious about the progress of this pull request. I'm ready to update any changes if they're necessary. Thank you! |
|
Hi @yykamei, due to the prioritization of other tasks we do not have an ETA on the review of this PR. We'd be happy to let you know once we have more information. |
|
Thank you for your reply. |
…ters` The Recent Rails template will generate `filter_parameters` with *partial* strings, such as `:passw` and `:_key`. I think this library should also allow such keywords to filter out, following the Rails template. https://github.com/rails/rails/blob/f838a7421228204bbc1e012ff9a3801ed598da80/railties/lib/rails/generators/rails/app/templates/config/initializers/filter_parameter_logging.rb.tt#L6-L8 This patch might be a breaking change because it will filter more parameters than before, but to exclude them would be better than sending probably sensitive parameters as they are.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Goal
The Recent Rails template will generate
filter_parameterswith partial strings, such as:passwand:_key. I think this library should also allow such keywords to filter out, following the Rails template.https://github.com/rails/rails/blob/f838a7421228204bbc1e012ff9a3801ed598da80/railties/lib/rails/generators/rails/app/templates/config/initializers/filter_parameter_logging.rb.tt#L6-L8
This patch might be a breaking change because it will filter more parameters than before, but to exclude them would be better than sending probably sensitive parameters as they are.
Design
I just removed
\Aand\zfrom theRegexpconstruction on a railtie as well as addingito allow any cases to be matched.Changeset
\Aand\z, and additoRegexpinitialization on railtieTesting
I updated
Rails.application.config.filter_parametersinsidefeaturesto be:passwfrom:password. It would be good if the End to end tests pass.