我正在向some_action中的ApiController发送以下POST请求:
HTTParty.post( 'https://example.com/api/some_action.json?token=foo',
headers: {'Content-Type' => 'application/json'},
body: {some_key: 'some_value'}.to_json
)
我正在尝试过滤掉提交的正文的内容,因为它包含敏感信息。但是,我的日志写道:
Started POST "/api/some_action.json?token=[FILTERED]" for 127.0.0.1 at 2016-11-28 12:30:32 +0100
Processing by ApiController#some_action as JSON
Parameters: {"some_key"=>"[FILTERED]", "token"=>"[FILTERED]", "api"=>{"some_key"=>"[FILTERED]"}}
当我期待这些参数时,我得到了参数:
def some_action
Rails.logger.error params
# => {"some_key"=>"some_value", "token"=>"foo", "controller"=>"api", "action"=>"some_action", "format"=>"json", "api"=>{"some_key"=>"some_value"}}
end
似乎有一个名为api的额外参数,我想这是指控制器名称。但我无法过滤它。我可以过滤some_key参数,但不能过滤整个api参数。知道我如何过滤api以及如何避免在日志中写入两次参数?我没有成功尝试以下内容:
config.filter_parameters += [:api, :some_key]
答案 0 :(得分:1)
lib/params_filter.rb
class ParamsFilter
def self.filter(params)
params.except(:api, :some_key)
end
end
然后在你的代码中:
rails.logger.error ParamsFilter.filter(params)