use filtered_path in action_controller event payloads instead of fullpath

actionpack/CHANGELOG.md

@@ -1,3 +1,13 @@
+*   Change `ActionController::Instrumentation` to pass `filtered_path` instead of `fullpath` in the event payload to filter sensitive query params
+
+    ```ruby
+    get "/posts?password=test"
+    request.full_path         # => "/posts?password=test"
+    response.filtered_path    # => "/posts?password=[FILTERED]"
+    ```
+
+    *Ritikesh G*
+
 *   Deprecate `AbstractController::Helpers::MissingHelperError`
 
     *Hartley McGuire*

actionpack/lib/action_controller/metal/instrumentation.rb

@@ -63,7 +63,7 @@ def process_action(*)
           headers: request.headers,
           format: request.format.ref,
           method: request.request_method,
-          path: request.fullpath
+          path: request.filtered_path
         }
 
         ActiveSupport::Notifications.instrument("start_processing.action_controller", raw_payload)

actionpack/test/controller/log_subscriber_test.rb

@@ -194,6 +194,13 @@ def test_process_action_with_view_runtime
     assert_match(/Completed 200 OK in \d+ms/, logs[1])
   end
 
+  def test_process_action_with_path
+    @request.env["action_dispatch.parameter_filter"] = [:password]
+    get :show, params: { password: "test" }
+    wait
+    assert_match(/\/show\?password=\[FILTERED\]/, @controller.last_payload[:path])
+  end
+
   def test_process_action_with_throw
     catch(:halt) do
       get :with_throw