-
-
Notifications
You must be signed in to change notification settings - Fork 299
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Not filtering query string params #229
Comments
When you append the params to your payload make sure you do it with your request’s `filtered_parameters`. Otherwise you’re including params pre the filtering.
…Sent from my iPhone
On 27 Sep 2017, at 21:54, Phillip Novess ***@***.***> wrote:
I'm seeing sensitive data logged that is coming from the querystring. The path isn't being filtered for the query string. Any suggestions on how to do that other than remove the action / controller from being logged?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
|
Hmm. I'm not changing the payload. And only the query string params are the issue. All others are filtered. |
OK, they're being included in the path? The easiest thing to do is to exclude that action as you rightly stated. Otherwise, I'd happily accept a patch that performs the requisite filtering at |
stanhu
added a commit
to stanhu/lograge
that referenced
this issue
Mar 20, 2018
The Location URL may contain sensitive information, so just like the path we should remove the query string. Closes roidrage#229
stanhu
added a commit
to stanhu/lograge
that referenced
this issue
Mar 20, 2018
The Location URL may contain sensitive information, so just like the path we should remove the query string. Closes roidrage#229
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm seeing sensitive data logged (api keys, etc) that is coming from the querystring. The path isn't being filtered for the query string. Any suggestions on how to do that other than remove the action / controller from being logged?
The text was updated successfully, but these errors were encountered: