Home/ Questions/Q 561343
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T12:26:24+00:00

Rails provides filter_parameter_logging to filter sensitive parameters from the rails log. If you have

  • 0

Rails provides filter_parameter_logging to filter sensitive parameters from the rails log.

If you have a a JSONP API, some sensitive information could be present in the URL. Is there a way to filter request URLS from the log also?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Note: The answer here was the way to get it work on Rails 2.x ~> 3.0. Starting from Rails 3.1, if you set config.filter_parameters, Rails will filter out the sensitive parameter in the query string as well. See this commit for more detail.

    I think in that case, you need to override complete_request_uri in ActionController::Base, since ActionController::Benchmarking calls that method and prints the line that looks like:

    Completed in 171ms (View: 35, DB: 7) | 200 OK [http://localhost:3000/]

    I think you can put this in initializer to override this method

    class ActionController::Base
  private

  def complete_request_uri
    "#{request.protocol}#{request.host}#{request.request_uri.gsub(/secret=([a-z0-9]+)/i, "secret=[FILTERTED]")}"
  end
end

    Note that you need to play a bit with regular expression to make it substitute the portion you wanted.

    • 0