0
我提出以下POST请求some_action
在ApiController
:如何过滤掉POST请求的所有参数?
HTTParty.post('https://example.com/api/some_action.json?token=foo',
headers: {'Content-Type' => 'application/json'},
body: {some_key: 'some_value'}.to_json
)
我试图筛选出提交正文的内容,因为它包含敏感信息。然而,我的日志中写道:
Started POST "/api/some_action.json?token=[FILTERED]" for 127.0.0.1 at 2016-11-28 12:30:32 +0100
Processing by ApiController#some_action as JSON
Parameters: {"some_key"=>"[FILTERED]", "token"=>"[FILTERED]", "api"=>{"some_key"=>"[FILTERED]"}}
当我想到PARAMS我得到的PARAMS我得到:
def some_action
Rails.logger.error params
# => {"some_key"=>"some_value", "token"=>"foo", "controller"=>"api", "action"=>"some_action", "format"=>"json", "api"=>{"some_key"=>"some_value"}}
end
似乎有一个多余的PARAM称为api
,我想指的是控制器名称。但我无法过滤它。我可以过滤some_key参数,但不是整个api
参数。任何想法如何过滤api
以及如何避免在日志中写入两次参数?我曾尝试以下没有成功:
config.filter_parameters += [:api, :some_key]