There are cases when we do not want sensitive data like passwords, card details, etc. in log files.
Rails provides filter_parameters to achieve this.
For example, if we have to filter the secret_code of a user, then we need to set filter_parameters in application.rb as below:
After sending a request to the server, our request parameters will look like this:
Now if we do User.last then:
We can see that the secret_code of the user is not filtered and is visible.
Rails 6 has moved ParameterFilter from ActionDispatch to ActiveSupport to solve the above security problem.
In Rails 6
Now we can see that secret_code is filtered.
Instead of defining as filter_parameters, we can also define attributes as filter_attributes.
If we have filter_attributes or filter_parameters in regex or proc form, Rails 6 has added support for that also.
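The three filter forms mentioned above (symbol, regex and proc), shown as an added plain-Ruby sketch that is not from the original post and is not Rails' own ParameterFilter. The class name, the filter list and the sample data are constructed for illustration, and the matching rules are a simplified assumption about how such a filter behaves.

```ruby
# Added sketch in plain Ruby; a simplified stand-in, not Rails' ParameterFilter.
class SketchParameterFilter
  MASK = "[FILTERED]"

  def initialize(filters)
    @procs, patterns = filters.partition { |f| f.respond_to?(:call) }
    # Assumption: symbols/strings match any key containing them,
    # case-insensitively; regexes are used as given.
    regexps = patterns.map do |f|
      f.is_a?(Regexp) ? f : Regexp.new(Regexp.escape(f.to_s), Regexp::IGNORECASE)
    end
    @pattern = regexps.empty? ? nil : Regexp.union(regexps)
  end

  # Returns a filtered copy; the caller's hash and values are left untouched.
  def filter(params)
    params.each_with_object({}) do |(key, value), out|
      out[key] =
        if @pattern && key.to_s.match?(@pattern)
          MASK
        elsif value.is_a?(Hash)
          filter(value) # recurse into nested parameters
        else
          copy = value.dup
          @procs.each { |p| p.call(key.to_s, copy) } # procs mutate the copy
          copy
        end
    end
  end
end

# Constructed filter list showing all three forms.
SKETCH_FILTERS = [
  :secret_code, # symbol form
  /card/i,      # regex form
  # proc form: receives key and value, masks the value in place
  ->(key, value) { value.replace("[FILTERED]") if key == "api_token" && value.is_a?(String) }
].freeze

# Constructed sample data (hypothetical user record, test card number).
SAMPLE_PARAMS = {
  "user" => { "name" => "Jane", "secret_code" => "1234",
              "card_number" => "4111111111111111", "api_token" => "abc123" }
}.freeze

def filtered_sample
  SketchParameterFilter.new(SKETCH_FILTERS).filter(SAMPLE_PARAMS)
end
```

Running the same filter over both the request parameters and the attributes a model prints on inspect is what keeps a value like secret_code out of logs and console output alike.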