use filtered_path in action_controller event payloads instead of fullpath
This commit is contained in:
parent
89a2608c5d
commit
c59ce2cf71
@ -1,3 +1,13 @@
|
||||
* Change `ActionController::Instrumentation` to pass `filtered_path` instead of `fullpath` in the event payload to filter sensitive query params
|
||||
|
||||
```ruby
|
||||
get "/posts?password=test"
|
||||
request.full_path # => "/posts?password=test"
|
||||
response.filtered_path # => "/posts?password=[FILTERED]"
|
||||
```
|
||||
|
||||
*Ritikesh G*
|
||||
|
||||
* Deprecate `AbstractController::Helpers::MissingHelperError`
|
||||
|
||||
*Hartley McGuire*
|
||||
|
@ -63,7 +63,7 @@ def process_action(*)
|
||||
headers: request.headers,
|
||||
format: request.format.ref,
|
||||
method: request.request_method,
|
||||
path: request.fullpath
|
||||
path: request.filtered_path
|
||||
}
|
||||
|
||||
ActiveSupport::Notifications.instrument("start_processing.action_controller", raw_payload)
|
||||
|
@ -194,6 +194,13 @@ def test_process_action_with_view_runtime
|
||||
assert_match(/Completed 200 OK in \d+ms/, logs[1])
|
||||
end
|
||||
|
||||
def test_process_action_with_path
|
||||
@request.env["action_dispatch.parameter_filter"] = [:password]
|
||||
get :show, params: { password: "test" }
|
||||
wait
|
||||
assert_match(/\/show\?password=\[FILTERED\]/, @controller.last_payload[:path])
|
||||
end
|
||||
|
||||
def test_process_action_with_throw
|
||||
catch(:halt) do
|
||||
get :with_throw
|
||||
|
Loading…
Reference in New Issue
Block a user