Skip to Content Skip to Search

module ActionDispatch::Http::FilterParameters

Action Dispatch HTTP Filter Parameters

Allows you to specify sensitive query string and POST parameters to filter from the request log.

# Replaces values with "[FILTERED]" for keys that match /foo|bar/i.
env["action_dispatch.parameter_filter"] = [:foo, "bar"]

For more information about filter behavior, see ActiveSupport::ParameterFilter.

Constants

KV_RE

"[^&;=]+"

PAIR_RE

%r{(#{KV_RE})=(#{KV_RE})}

Public class methods

new()

Source code GitHub 
# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 24
def initialize
  super
  @filtered_parameters = nil
  @filtered_env        = nil
  @filtered_path       = nil
  @parameter_filter    = nil
end

Public instance methods

filtered_env()

Returns a hash of request.env with all sensitive data replaced.

Source code GitHub 
# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 40
def filtered_env
  @filtered_env ||= env_filter.filter(@env)
end

filtered_parameters()

Returns a hash of parameters with all sensitive data replaced.

Source code GitHub 
# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 33
def filtered_parameters
  @filtered_parameters ||= parameter_filter.filter(parameters)
rescue ActionDispatch::Http::Parameters::ParseError
  @filtered_parameters = {}
end

filtered_path()

Reconstructs a path with all sensitive GET parameters replaced.

Source code GitHub 
# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 45
def filtered_path
  @filtered_path ||= query_string.empty? ? path : "#{path}?#{filtered_query_string}"
end

parameter_filter()

Returns the ActiveSupport::ParameterFilter object used to filter in this request.

Source code GitHub 
# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 51
def parameter_filter
  @parameter_filter ||= if has_header?("action_dispatch.parameter_filter")
    parameter_filter_for get_header("action_dispatch.parameter_filter")
  else
    NULL_PARAM_FILTER
  end
end

Private instance methods

env_filter()

Source code GitHub 
# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 60
def env_filter # :doc:
  user_key = fetch_header("action_dispatch.parameter_filter") {
    return NULL_ENV_FILTER
  }
  parameter_filter_for(Array(user_key) + ENV_MATCH)
end

filtered_query_string()

Source code GitHub 
# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 73
def filtered_query_string # :doc:
  query_string.gsub(PAIR_RE) do |_|
    parameter_filter.filter($1 => $2).first.join("=")
  end
end

parameter_filter_for(filters)

Source code GitHub 
# File actionpack/lib/action_dispatch/http/filter_parameters.rb, line 67
def parameter_filter_for(filters) # :doc:
  ActiveSupport::ParameterFilter.new(filters)
end

Definition files