Once upon a time there was an application where New Relic exposed credit card numbers in the parameter logging. This was a terrible day in a developer's life: sending sensitive information in the logs. Rails provides a great interface for making sure sensitive parameters are filtered before they are sent across the wire. In old Rails we placed this in controllers, but in Rails 4 the default is to set the filtered parameters on the Rails config (config.filter_parameters).
The old way of doing this
```ruby
# app/controllers/api/base_api_controller.rb
class Api::BaseApiController < ApplicationController
  filter_parameter_logging :password, :password_confirmation, :card_number
end

# app/controllers/mobile/mobile_api_controller.rb
class Mobile::BaseMobileController < ApplicationController
  filter_parameter_logging :password, :password_confirmation
end
```
The issue becomes a lack of consistency: above, the mobile controller never filters card_number. Of course you will say these should all go into ApplicationController, but Rails 4 does one better by moving it to the Rails object and providing a better syntax for adding the attributes.
```ruby
# config/initializers/filter_parameter_logging.rb
Rails.application.config.filter_parameters += [:password]

# Now part of Rails.config it can be added to the application.rb
# config/application.rb
module Campus
  class Application < Rails::Application
    config.filter_parameters += [:password]
  end
end
```
This can now be adjusted in environment files too, which makes things even better.
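The consistency gap between the two controller lists above can be checked mechanically. The following is an added example, not code from the original post or from Rails: a plain-Ruby model of parameter filtering that audits a filter list against a sample request. The helper names (filter_params, exposed), the MUST_HIDE list and the sample payload are constructed for illustration, and the matching rules are a simplified assumption about how Rails treats symbol filters.

```ruby
# Simplified model of Rails parameter filtering (added example, not Rails' own code).
# Assumption: a symbol/string filter matches any key that contains its text,
# case-insensitively, at any nesting depth; matched values become "[FILTERED]".
FILTERED = "[FILTERED]"

def filter_params(params, filters)
  return params if filters.empty?
  pattern = Regexp.new(filters.map { |f| Regexp.escape(f.to_s) }.join("|"), Regexp::IGNORECASE)
  params.each_with_object({}) do |(key, value), out|
    out[key] =
      if pattern.match?(key.to_s) then FILTERED
      elsif value.is_a?(Hash) then filter_params(value, filters)
      elsif value.is_a?(Array) then value.map { |v| v.is_a?(Hash) ? filter_params(v, filters) : v }
      else value
      end
  end
end

# Returns dotted key paths that should have been hidden but still carry a value.
def exposed(filtered, must_hide, path = [])
  filtered.flat_map do |key, value|
    here = path + [key.to_s]
    if value.is_a?(Hash) then exposed(value, must_hide, here)
    elsif must_hide.include?(key.to_s) && value != FILTERED then [here.join(".")]
    else []
    end
  end
end

# Constructed sample request parameters (test card number, not real data).
SAMPLE = {
  "user"    => { "email" => "a@example.test", "password" => "hunter2",
                 "password_confirmation" => "hunter2" },
  "payment" => { "card_number" => "4111111111111111" }
}
MUST_HIDE      = %w[password password_confirmation card_number]  # audit list (assumed)
API_FILTERS    = [:password, :password_confirmation, :card_number] # list from the API controller
MOBILE_FILTERS = [:password, :password_confirmation]               # list from the mobile controller

if __FILE__ == $PROGRAM_NAME
  puts "mobile list leaks: #{exposed(filter_params(SAMPLE, MOBILE_FILTERS), MUST_HIDE).inspect}"
  puts "api list leaks:    #{exposed(filter_params(SAMPLE, API_FILTERS), MUST_HIDE).inspect}"
end
```

In a real application the same audit can be run against Rails.application.config.filter_parameters in a test, so a newly added sensitive field fails the build until it is filtered.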