Skip to Content Skip to Search

Allows you to specify sensitive parameters which will be replaced from the request log by looking in the query string of the request and all sub-hashes of the params hash to filter. Filtering only certain sub-keys from a hash is possible by using the dot notation: 'credit_card.number'. If a block is given, each key and value of the params hash and all sub-hashes are passed to it, where the value or the key can be replaced using String#replace or similar methods.

env["action_dispatch.parameter_filter"] = [:password]
=> replaces the value to all keys matching /password/i with "[FILTERED]"

env["action_dispatch.parameter_filter"] = [:foo, "bar"]
=> replaces the value to all keys matching /foo|bar/i with "[FILTERED]"

env["action_dispatch.parameter_filter"] = [ /\Apin\z/i, /\Apin_/i ]
=> replaces the value for the exact (case-insensitive) key 'pin' and all
(case-insensitive) keys beginning with 'pin_', with "[FILTERED]"
Does not match keys with 'pin' as a substring, such as 'shipping_id'.

env["action_dispatch.parameter_filter"] = [ "credit_card.code" ]
=> replaces { credit_card: {code: "xxxx"} } with "[FILTERED]", does not
change { file: { code: "xxxx"} }

env["action_dispatch.parameter_filter"] = -> (k, v) do
  v.reverse! if k.match?(/secret/i)
end
=> reverses the value to all keys matching /secret/i
Methods
E
F
N
P

Constants

KV_RE = "[^&;=]+"
 
PAIR_RE = %r{(#{KV_RE})=(#{KV_RE})}
 

Class Public methods

new()

# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 39
def initialize
  super
  @filtered_parameters = nil
  @filtered_env        = nil
  @filtered_path       = nil
end

Instance Public methods

filtered_env()

Returns a hash of request.env with all sensitive data replaced.

# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 54
def filtered_env
  @filtered_env ||= env_filter.filter(@env)
end

filtered_parameters()

Returns a hash of parameters with all sensitive data replaced.

# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 47
def filtered_parameters
  @filtered_parameters ||= parameter_filter.filter(parameters)
rescue ActionDispatch::Http::Parameters::ParseError
  @filtered_parameters = {}
end

filtered_path()

Reconstructs a path with all sensitive GET parameters replaced.

# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 59
def filtered_path
  @filtered_path ||= query_string.empty? ? path : "#{path}?#{filtered_query_string}"
end

Instance Private methods

env_filter()

# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 70
def env_filter # :doc:
  user_key = fetch_header("action_dispatch.parameter_filter") {
    return NULL_ENV_FILTER
  }
  parameter_filter_for(Array(user_key) + ENV_MATCH)
end

filtered_query_string()

# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 83
def filtered_query_string # :doc:
  query_string.gsub(PAIR_RE) do |_|
    parameter_filter.filter($1 => $2).first.join("=")
  end
end

parameter_filter()

# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 64
def parameter_filter # :doc:
  parameter_filter_for fetch_header("action_dispatch.parameter_filter") {
    return NULL_PARAM_FILTER
  }
end

parameter_filter_for(filters)

# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 77
def parameter_filter_for(filters) # :doc:
  ActiveSupport::ParameterFilter.new(filters)
end