Commit
Add `cvv` and `card_` as default parameters to filter out in new apps
In general you should not be posting credit card details to your server, you should be using a processor like Stripe or Braintree. But if you make a mistake in your form and *do* post a user's credit card number, those details will get logged by default, even if your server doesn't use them. Now you're potentially "storing card data" and so you have a whole bunch more legal requirements to do it securely.

This PR adds `cvv` and `card_` to the defaults for [`ActiveSupport::ParameterFilter`](https://api.rubyonrails.org/v7.1.3.4/classes/ActiveSupport/ParameterFilter.html) for new apps. This means that params with those names will not get logged by default.

This just changes the template for new apps; there are no changes made to existing apps.
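The effect of the two new entries on a logged params hash, as an added example (not code from the commit or from Rails). It models the filter as a case-insensitive substring match on each key, which is an assumption of this example; `filter_params`, `SAMPLE`, and the `:passw`/`:token` entries are constructed for illustration.

```ruby
# Added example: a stand-in for partial-match parameter filtering.
# Assumption: a key is masked when it contains any filter string
# (case-insensitive); nested hashes and arrays are walked.
MASK = "[FILTERED]"

# Only :cvv and :card_ come from the commit message. :passw and :token are
# constructed placeholders standing in for whatever the template already had.
OLD_FILTERS = [:passw, :token].freeze
NEW_FILTERS = (OLD_FILTERS + [:cvv, :card_]).freeze

# Returns a filtered copy of params; the input hash is not modified.
def filter_params(params, filters)
  source = filters.map { |f| Regexp.escape(f.to_s) }.join("|")
  walk(params, Regexp.new(source, Regexp::IGNORECASE))
end

def walk(value, pattern)
  case value
  when Hash
    value.each_with_object({}) do |(key, val), out|
      # A matching key masks the whole value, even a nested structure.
      out[key] = key.to_s.match?(pattern) ? MASK : walk(val, pattern)
    end
  when Array
    value.map { |item| walk(item, pattern) }
  else
    value
  end
end

# Constructed request params, as a mistaken checkout form might post them.
SAMPLE = {
  "user" => { "email" => "a@example.test", "password" => "hunter2" },
  "payment" => {
    "card_number" => "4111111111111111",
    "card_expiry" => "12/30",
    "CVV" => "123",
    "amount" => "19.99"
  },
  # Substring matching also masks unrelated keys that contain "card_".
  "discard_reason" => "duplicate order"
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts "before: #{filter_params(SAMPLE, OLD_FILTERS).inspect}"
  puts "after:  #{filter_params(SAMPLE, NEW_FILTERS).inspect}"
end
```

Under this model a key such as `discard_reason` is masked too, so it is worth checking log output for over-filtered fields after adopting the new defaults.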