There are cases when we do not want sensitive data like passwords, card details etc in log files.
filter_parameters to achive this.
For example, if we have to filter
we need to set
filter_parameters in the
application.rb as below:
After sending request to server, our request parameters will look like these:
Now if we do
We can see that the
user is not filtered and visible.
Rails 6 has moved
ParamterFilter from ActionDispatch to ActiveSupport to solve above security problem.
In Rails 6
Now we can see that
secret_code is filtered.
Instead of defining as
filter_parameters, we can also define attributes as
If we have
filter_parameters in regex or proc form,
Rails 6 has added
support for that also.