ChristofferJoergensen ChristofferJoergensen - 10 days ago 5
Ruby Question

How to filter out all params of a POST request?

I am making the following POST request to

some_action
in the
ApiController
:

HTTParty.post( 'https://example.com/api/some_action.json?token=foo',
headers: {'Content-Type' => 'application/json'},
body: {some_key: 'some_value'}.to_json
)


I am trying to filter out the content of the submitted body, because it contains sensitive information. However, my log writes:

Started POST "/api/some_action.json?token=[FILTERED]" for 127.0.0.1 at 2016-11-28 12:30:32 +0100
Processing by ApiController#some_action as JSON
Parameters: {"some_key"=>"[FILTERED]", "token"=>"[FILTERED]", "api"=>{"some_key"=>"[FILTERED]"}}


When I expect the params I get the params I get:

def some_action
Rails.logger.error params
# => {"some_key"=>"some_value", "token"=>"foo", "controller"=>"api", "action"=>"some_action", "format"=>"json", "api"=>{"some_key"=>"some_value"}}
end


It seems that there is an extra param called
api
, which I suppose refers to the controller name. But I can't filter it. I can filter some_key param, but not the entire
api
param. Any idea how I can filter the
api
and how I can avoid to have the params written twice in the log? I have tried the following without success:

config.filter_parameters += [:api, :some_key]

Answer

lib/params_filter.rb

class ParamsFilter
  def self.filter(params)
    params.except(:api, :some_key)
  end
end

and then in your code:

rails.logger.error ParamsFilter.filter(params)