Reputation: 33537
Rails Filter Parameters Filtering Too Much
In my filter parameters initializer, I'm filtering out all password related parameters that matter already:
# config/initializers/filter_parameter_logging.rb
Rails.application.config.filter_parameters += [:password, :password_confirmation]
But more parameters are being filtered out than I'd expect. It looks like anything that has "password" in the name filtered from the logs.
{"password_invite_form"=>"[FILTERED]"}
Is there any way to prevent pattern matching for filtered parameters and match the precise parameters that I have set?
Upvotes: 5
Views: 2201
Answers (2)
Reputation: 11092
You can use a regular expression, rather than a string or symbol, if you want to explicitly control the pattern matching.
# config/initializers/filter_parameter_logging.rb
Rails.application.config.filter_parameters += [/^password$/, /^password_confirmation$/]
This will tell Rails to filter "password" and "password_confirmation" exactly, but not filter other parameters that contain "password" as a substring.
Upvotes: 13
Reputation: 926
Yes. You would have to monkey patch the part of rails that's filtering out params that contain "password".
If it were my project I'd let rails continue to do its thing and just choose a different name for that parameter. If you need help with how to do that just comment.
Upvotes: 0
Related Questions
- How to filter parameters in rails?
- Filtering in Ruby on Rails
- Filter specific parameter
- Manually filter parameters in Rails
- Can I customize the way that Rails filters a parameter?
- Rails, filterrific with multiple parameters
- I think I'm messing around ... Rails params
- Rails way to define parameter for filter
- Add extra filter parameters in RoR
- Rails 3 why filter_parameters doesn't work