This project is archived and is in readonly mode.
config.filter_parameters doesn't effect in-browser request dump
Reported by David Chelimsky | April 6th, 2010 @ 10:28 PM
rails-3.0.0.beta2
I've got config.filter_parameters <<
:password in config/application.rb. It filters the password
in the logs, as expected, however, it quite unexpectedly shows all
of my colleagues my password in the browser:
Request
Parameters:
{"commit"=>"Sign in",
"authenticity_token"=>"...............",
"user"=>{"remember_me"=>"0",
"username"=>"my_username",
"password"=>"my_password"}}
Comments and changes to this ticket
-
Repository April 7th, 2010 @ 12:43 AM
- State changed from “new” to “resolved”
(from [eb063538bd58c915c953e4b8a295d3a1b1a321d5]) Use config.filter_parameters on in-browser request dump. [#4335 state:resolved] http://github.com/rails/rails/commit/eb063538bd58c915c953e4b8a295d3...
-
David Chelimsky April 7th, 2010 @ 06:17 AM
- Assigned user set to “José Valim”
Thanks for the quick turnaround.
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
<h2 style="font-size: 14px">Tickets have moved to Github</h2>
The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>
People watching this ticket
David Chelimsky
José Valim
Referenced by
-
4335
config.filter_parameters doesn't effect in-browser request dump
(from [eb063538bd58c915c953e4b8a295d3a1b1a321d5])
Use con...