TEST_CODEOWNERS/rails
3
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Merge pull request #49600 from Earlopain/filter-params-email

Browse Source 
Add email to the list of default filter parameters

Email addresses are considered personal data. While not quite on the same level of sensitivity as the other parameters in the list any application that implements signup through email without SSO inadvertently logs this information.
This commit is contained in:
Carlos Antonio da Silva 2023-10-12 09:12:59 -03:00 committed by GitHub
commit 3d5b2eefa2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
railties/lib/rails/generators/rails/app/templates/config/initializers/filter_parameter_logging.rb.tt
View File

@ -4,5 +4,5 @@
# Use this to limit dissemination of sensitive information.
# See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors.
Rails.application.config.filter_parameters += [
:passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
:passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
]