[docs] Change regular expression used in Logger middleware example #1281
Comments
|
I think this sounds like a careful and helpful change - perhaps even a contextual detail about the regex ("match until the next &") . You gave good context for when and why this would help a user. I'm for it! Do you want to offer a PR? |
|
I very much welcome a PR for either improving the doc or adding functionality ("perhaps the logger middleware could take a list of param/header names to redact values for"), but in case of the latter we definitely don't want features to only work under Rails, so that would need a framework-agnostic implementation |
|
Ok. I've been pretty swamped but I'll try for next week. If someone wants to do it before I get to it, it's all yours. |
olleolleolle
changed the title
|
For anyone who would like to fix this:
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The online documentation for the
:loggermiddleware contains this block:While most API keys are indeed alphanumeric, some keys/secrets contain periods, dashes, or are entirely base64-encoded.
As a result, I wanted to suggest replacing the
\w+in this regex with[^&]+. (Barring any unforeseen reason on my part why that shouldn't be the case.)My thinking is that knowing the intricacies of regexes isn't otherwise needed to use this gem, and someone using the gem could very easily copy this from the docs, replacing
api_keywith any other parameter name (say,password), and think they are fully/securely omitting sensitive data from their logs.Ideally, perhaps the logger middleware could take a list of param/header names to redact values for, in addition to regexes, (or perhaps even use Rails' by default,
if defined?(Rails) && Rails.application.config&.filter_parameters), but that might be considered beyond the scope of this documentation tweak.The text was updated successfully, but these errors were encountered: