This project is archived and is in readonly mode.

#4335 ✓resolved
David Chelimsky

config.filter_parameters doesn't effect in-browser request dump

Reported by David Chelimsky | April 6th, 2010 @ 10:28 PM

rails-3.0.0.beta2

I've got config.filter_parameters << :password in config/application.rb. It filters the password in the logs, as expected, however, it quite unexpectedly shows all of my colleagues my password in the browser:

Request

Parameters:

{"commit"=>"Sign in",
 "authenticity_token"=>"...............",
 "user"=>{"remember_me"=>"0",
 "username"=>"my_username",
 "password"=>"my_password"}}

Comments and changes to this ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

People watching this ticket

Referenced by

Pages