Filter additional parameters that have shown up in our logs
Upon inspection of logs, there were a number of fields not filtered. For example:
- authenticity_token: CSRF token
- rss_token: Used for RSS feeds
- secret: Used with Projects::UploadController
Rails provides a way to match regexps, so we now filter:
- Any parameter ending with
_token
- Any parameter containing
password
- Any parameter containing
secret