salsify/goldiloader

config.filter_parameters keys ignored

Closed this issue · 5 comments

Hi,

I am using goldiloader on a project.
I don't really know if my issue is related to this specific gem, but I have some keys configured in my Rails.application.config.filter_parameters.

It worked perfectly before adding the goldiloader gem to my Gemfile, but since then it seems that my filter_parameters keys are not used anymore, so sensitive data could appear in logs when I inspect a record (e.g. a User with some password etc.).

I have tested on 2 projects, same issue on both.

Maybe it could be related to this issue: rails/rails#48704

Thanks guys for your work.

Hmm. It definitely sounds like it could be related but I wasn't able to reproduce the problem in Goldiloader's test suite. Can you see if https://github.com/salsify/goldiloader/compare/lazy-load-active-record fixes the problem in your app?

Hi,

Thanks for your reply.
I've just tested with a simple Rails app with a few gems. I just added the email key to my filter_parameters, then opened a Rails console to inspect a User record.
Before your fix, the email column was not filtered.
By using https://github.com/salsify/goldiloader/compare/lazy-load-active-record, the email column is filtered.
Your commit seems to fix the issue.

Maybe you can test as I have tested, to be sure the issue that I report is a real issue.

Thanks a lot.

I was unable to reproduce this problem using a new Rails app with the latest released versions of goldiloader and rails. The test app can be found here. In particular, see config/application.rb for the filter_parameters config and test/models/article_test.rb for a test to ensure the filters are working. Could you provide more details on how to reproduce the problem against my test app?

Thanks for the example.
Just reproduce the problem by moving the filter_parameters config from config/application.rb to config/initializers/filter_parameter_logging.rb.

This fix has been released in 5.2.2.