mirror of https://github.com/rails/rails
Add parameter filter capability for redirect locations
It uses the `config.filter_parameters` to match what needs to be filtered. The result would be like this:

```
Redirected to http://secret.foo.bar?username=roque&password=[FILTERED]
```
parent 554e71af0b
commit f4f3ef7781
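An added, stand-alone illustration of the behaviour this commit introduces; it is not code from the commit or from Rails, and `filter_key?`, `filtered_redirect_location` and `FILTERED_MARK` are names chosen for the example. It assumes the matching rules of `config.filter_parameters` (string entries match keys case-insensitively as substrings, regexp entries are matched against the key), splits each query pair on its first `=` rather than rewriting the raw query string with a regex, and masks a location that `URI.parse` rejects instead of letting the exception escape the logging path:

```ruby
require "uri"

# Added example, not code from this commit or from Rails: a stand-alone
# version of the idea (mask sensitive query values in a logged redirect
# location) that runs without ActiveSupport.
FILTERED_MARK = "[FILTERED]"

# Filter entries mirror config.filter_parameters: a String is matched
# case-insensitively as a substring of the key, a Regexp is matched
# against the key. Hypothetical helper, named here for the example.
def filter_key?(key, filters)
  filters.any? do |f|
    f.is_a?(Regexp) ? f.match?(key) : key.downcase.include?(f.downcase)
  end
end

# Returns `location` with the values of matching query keys replaced.
# Each pair is split on its first "=" only, so a value that itself
# contains "=" (base64 padding, nested key=value) is masked in full; an
# empty value is masked too; a bare key with no "=" is left alone. Path
# and fragment are never touched. A location that URI.parse rejects is
# masked wholesale (fail closed) instead of raising from the logging path.
def filtered_redirect_location(location, filters)
  uri = URI.parse(location)
  query = uri.query
  unless query.nil? || query.empty?
    uri.query = query.split("&", -1).map do |pair|
      key, value = pair.split("=", 2)
      if key && value && filter_key?(key, filters)
        "#{key}=#{FILTERED_MARK}"
      else
        pair
      end
    end.join("&")
  end
  uri.to_s
rescue URI::Error
  FILTERED_MARK
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs, not taken from a real application.
  filters = ["password", /token/i]
  puts filtered_redirect_location("http://secret.foo.bar?username=repinel&password=1234", filters)
  puts filtered_redirect_location("https://example.test/cb?Token=YWJj=&next=/home#frag", filters)
  puts filtered_redirect_location("http://example.test/a b", filters)
end
```

Run it with a filter list such as `["password", /token/i]`. The path and fragment are deliberately left alone, which is also the scope of the change in this commit, so a secret placed in a path segment still appears in the `Redirected to` log line.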
@ -90,4 +90,15 @@
*Rafael Mendonça França*
* Add parameter filter capability for redirect locations.
It uses the `config.filter_parameters` to match what needs to be filtered.
The result would be like this:
Redirected to http://secret.foo.bar?username=roque&password=[FILTERED]
Fixes #14055.
*Roque Pinel*, *Trevor Turk*, *tonytonyjan*
Please check [7-1-stable](https://github.com/rails/rails/blob/7-1-stable/actionpack/CHANGELOG.md) for previous changes.
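Review bot: the entry should say what is and is not covered. Only key/value pairs in the query string of the logged location are filtered (the new `parameter_filtered_location` touches `uri.query` and nothing else), path segments and the fragment are left as they are, and a location whose host matches `config.filter_redirect` is still replaced wholesale by `[FILTERED]` through the `location_filter_match?` branch. One sentence after "It uses the `config.filter_parameters` to match what needs to be filtered." stating that scope would stop readers from assuming a secret in the path is masked as well.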
@ -11,7 +11,7 @@ module ActionDispatch
if location_filter_match?
FILTERED
else
location
parameter_filtered_location
end
end
@ -33,6 +33,16 @@ module ActionDispatch
end
end
end
def parameter_filtered_location
uri = URI.parse(location)
unless uri.query.nil? || uri.query.empty?
uri.query.gsub!(FilterParameters::PAIR_RE) do
request.parameter_filter.filter($1 => $2).first.join("=")
end
end
uri.to_s
end
end
end
end
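Review bot: `uri = URI.parse(location)` raises `URI::InvalidURIError` for a location that is not a valid URI (an unescaped space is enough), and because the previous hunk now routes every logged redirect that does not match `filter_redirect` through this method, a malformed `Location` would raise out of the log subscriber where the old code simply logged the string. Rescue it and fail closed, for example `rescue URI::Error` returning `FILTERED`, since a location that cannot be parsed cannot be filtered either. Two smaller points: `uri.query.gsub!(FilterParameters::PAIR_RE)` relies on the accessor handing back the internal string and mutating it in place; building the filtered string and assigning `uri.query = ...` is clearer and goes through the setter. And `request.parameter_filter.filter($1 => $2).first.join("=")` only rewrites what `PAIR_RE` (not shown in this diff) captured as the value, so a query value that itself contains `=` deserves a test to confirm the remainder is not left unmasked.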
@ -32,6 +32,10 @@ module Another
redirect_to "http://secret.foo.bar/"
end
def filterable_redirector_with_params
redirect_to "http://secret.foo.bar?username=repinel&password=1234"
end
def data_sender
send_data "cool data", filename: "file.txt"
end
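Review bot: the fixture `http://secret.foo.bar?username=repinel&password=1234` exercises a single sensitive pair, placed last in the query and with a plain value. Add fixtures (or a second action) where the filtered key comes first, where the value is empty (`password=`), and where the value contains `=` or is percent-encoded, so the regex rewrite in `parameter_filtered_location` is checked on the query shapes redirects actually carry rather than only on the simplest one.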
@ -266,6 +270,32 @@ class ACLogSubscriberTest < ActionController::TestCase
assert_equal "Redirected to [FILTERED]", logs[1]
end
def test_does_not_filter_redirect_params_by_default
get :filterable_redirector_with_params
wait
assert_equal 3, logs.size
assert_equal "Redirected to http://secret.foo.bar?username=repinel&password=1234", logs[1]
end
def test_filter_redirect_params_by_string
@request.env["action_dispatch.parameter_filter"] = ["password"]
get :filterable_redirector_with_params
wait
assert_equal 3, logs.size
assert_equal "Redirected to http://secret.foo.bar?username=repinel&password=[FILTERED]", logs[1]
end
def test_filter_redirect_params_by_regexp
@request.env["action_dispatch.parameter_filter"] = [/pass.+/]
get :filterable_redirector_with_params
wait
assert_equal 3, logs.size
assert_equal "Redirected to http://secret.foo.bar?username=repinel&password=[FILTERED]", logs[1]
end
def test_send_data
get :data_sender
wait
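Review bot: the three new tests cover the happy path only. Missing are a redirect whose location `URI.parse` rejects, which pins down whether the subscriber logs `[FILTERED]`, logs the raw string, or raises; a redirect where both `action_dispatch.parameter_filter` and the host filter apply, asserting that the whole URL is still masked exactly as the `assert_equal "Redirected to [FILTERED]", logs[1]` at the top of this hunk expects; and a query with an empty value or a value containing `=`. Without the first of these, the failure mode of the new code path on malformed locations is undefined by the suite.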
@ -1210,7 +1210,8 @@ You can set it to a String, a Regexp, or an array of both.
config.filter_redirect.concat ['s3.amazonaws.com', /private_path/]
```
Matching URLs will be marked as '[FILTERED]'.
Matching URLs will be replaced with '[FILTERED]'. However, if you only wish to filter the parameters, not the whole URLs,
please take a look at [Parameters Filtering](#parameters-filtering).
Rescue
------
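Review bot: the added sentence points readers at Parameters Filtering, but that section is not changed in this diff, so nothing in the guide states that `config.filter_parameters` now also masks matching query-string values in the `Redirected to ...` log line, that path segments are left alone, or that a host matched by `filter_redirect` is still masked wholesale regardless of parameter filters. State that explicitly, either here ("`config.filter_parameters` is also applied to the query string of logged redirect locations") or in the linked section; as written the link reads as a pointer to unrelated request-parameter filtering.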