Merge pull request #49600 from Earlopain/filter-params-email
Add email to the list of default filter parameters Email addresses are considered personal data. While not quite on the same level of sensitivity as the other parameters in the list any application that implements signup through email without SSO inadvertently logs this information.
This commit is contained in:
commit
3d5b2eefa2
2
railties/lib/rails/generators/rails/app/templates/config/initializers/filter_parameter_logging.rb.tt
2
railties/lib/rails/generators/rails/app/templates/config/initializers/filter_parameter_logging.rb.tt
@ -4,5 +4,5 @@
|
||||
# Use this to limit dissemination of sensitive information.
|
||||
# See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors.
|
||||
Rails.application.config.filter_parameters += [
|
||||
:passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
|
||||
:passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
|
||||
]
|
||||
|
Loading…
Reference in New Issue
Block a user