Do you know the Rails.application.config.filter_redirect filter? It’s an undocumented configuration feature which lets you filter certain redirect URLs from your log files. This is handy when you’re redirecting to a URL with tokens in it so that they don’t show up in the log. A bit like config.filter_parameters.
Add the following to a new initializer and it will show “Redirected to [FILTERED]” in the log for redirects to a URL that contains that string. That means it will filter https://example.com, http://www.example.com and the like.
Rails.application.config.filter_redirect = ['example.com']
But now on to this week’s interesting (Rails) security articles:
Like this kind of articles?
Subscribe to hear about new Rails security resources first. Only helpful articles and guides. Monthly(ish) updates, no spam.