I had a thought about adding a new .default method to ActiveSupport::ParameterFilter.
The idea is to make it slightly easier to create a ParameterFilter instance using the app’s default filter params.
In a lot of bigger Rails projects, I saw devs often use custom loggers → need to filter sensitive params before logging. Right now, we usually end up writing something like this:
def filtered_params
@filter ||= ActiveSupport::ParameterFilter.new(Rails.application.config.filter_parameters)
@filter.filter(params.to_h)
end
What if we added a .default method to ParameterFilter? Something like:
module ActiveSupport
class ParameterFilter
def self.default
@default ||= new(Rails.application.config.filter_parameters)
end
end
end
Because in 99 out of 100 cases, we end up using the default Rails.application.config.filter_parameters anyway.
Anyway, just an idea! But if you think it could be useful, feel free to assign this one to me
We try to avoid having individual components depend on Rails or the global application instance… but (assuming there isn’t already one there – I haven’t checked) perhaps a Rails.application.parameter_filter method would be a good fit here?
The first precedents that come to mind are the backtrace cleaner and error reporter. Those both live directly on the Rails constant, but my initial instinct is still to keep this one more application-scoped: those apply to the overall runtime context (they’re “about code”), while this feels more focused on application-level user data.
Fair warning: I think there’s some latent complexity to this change, because (and this would be true even with an API more like your original proposal) we would want our existing internal call sites to be able to use it too, and at a quick glance they may require a bit more than a drop-in change.
If you’re up for exploring that, though, I do think there’s potential for making this better.
I made a change a few years ago that expose the parameter filter in all unit of work rails has (jobs and requests). So if you are inside of a job or a request you can just us the one that is provided by the framework.
What is the use case where it isn’t present today and you need to create one yourself?
