Module: ActionDispatch::Http::FilterParameters

Included in:
Request
Defined in:
actionpack/lib/action_dispatch/http/filter_parameters.rb

Overview

Allows you to specify sensitive parameters which will be replaced from the request log by looking in the query string of the request and all subhashes of the params hash to filter. If a block is given, each key and value of the params hash and all subhashes is passed to it, the value or key can be replaced using String#replace or similar method.

env["action_dispatch.parameter_filter"] = [:password]
=> replaces the value to all keys matching /password/i with "[FILTERED]"

env["action_dispatch.parameter_filter"] = [:foo, "bar"]
=> replaces the value to all keys matching /foo|bar/i with "[FILTERED]"

env["action_dispatch.parameter_filter"] = lambda do |k,v|
  v.reverse! if k =~ /secret/i
end
=> reverses the value to all keys matching /secret/i

Constant Summary collapse

ENV_MATCH =

:nodoc:

[/RAW_POST_DATA/, "rack.request.form_vars"]
NULL_PARAM_FILTER =

:nodoc:

ParameterFilter.new
NULL_ENV_FILTER =

:nodoc:

ParameterFilter.new ENV_MATCH

Instance Method Summary collapse

Instance Method Details

#filtered_envObject

Return a hash of request.env with all sensitive data replaced.


41
42
43
# File 'actionpack/lib/action_dispatch/http/filter_parameters.rb', line 41

def filtered_env
  @filtered_env ||= env_filter.filter(@env)
end

#filtered_parametersObject

Return a hash of parameters with all sensitive data replaced.


36
37
38
# File 'actionpack/lib/action_dispatch/http/filter_parameters.rb', line 36

def filtered_parameters
  @filtered_parameters ||= parameter_filter.filter(parameters)
end

#filtered_pathObject

Reconstructed a path with all sensitive GET parameters replaced.


46
47
48
# File 'actionpack/lib/action_dispatch/http/filter_parameters.rb', line 46

def filtered_path
  @filtered_path ||= query_string.empty? ? path : "#{path}?#{filtered_query_string}"
end

#initialize(env) ⇒ Object


28
29
30
31
32
33
# File 'actionpack/lib/action_dispatch/http/filter_parameters.rb', line 28

def initialize(env)
  super
  @filtered_parameters = nil
  @filtered_env        = nil
  @filtered_path       = nil
end