From c4def9cd860b2ae6a11892ab9935bbeff0c0a372 Mon Sep 17 00:00:00 2001
From: cryptogopher
Date: Thu, 30 Apr 2026 18:26:43 +0200
Subject: [PATCH] Filter :email field logging only in production env
---
 config/environments/production.rb | 3 +++
 config/initializers/filter_parameter_logging.rb | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 1ae6261..4dd96d1 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -80,4 +80,7 @@ Rails.application.configure do
 #
 # Skip DNS rebinding protection for the default health check endpoint.
 # config.host_authorization = { exclude: ->(request) { request.path == "/up" } }
+
+ # Protect e-mail addresses from being logged only in production.
+ config.filter_parameters += [:email]
 end
diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb
index c0b717f..2224226 100644
--- a/config/initializers/filter_parameter_logging.rb
+++ b/config/initializers/filter_parameter_logging.rb
@@ -4,5 +4,5 @@
 # Use this to limit dissemination of sensitive information.
 # See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors.
 Rails.application.config.filter_parameters += [
- :passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn, :cvv, :cvc
+ :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn, :cvv, :cvc
 ]
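Review bot: Moving `:email` into `config/environments/production.rb` leaves every other environment unfiltered, not only development and test, so a staging or review environment that handles real user data would now write e-mail addresses to its logs in clear text. If the intent is to see addresses while developing, excluding the local environments is safer than including only production: keep the entry in the initializer as `Rails.application.config.filter_parameters += [:email] unless Rails.env.local?` (if the app's Rails version provides `Rails.env.local?`; otherwise test `development?` and `test?`). The same concern applies to the `filter_parameter_logging.rb` hunk, where the entry is removed. The added comment is also ambiguous about what "only" modifies; `# Filter e-mail addresses from logs (left unfiltered in development/test).` reads unambiguously.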
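Review bot: The filter list in this initializer no longer shows that `:email` is handled anywhere, so a reader auditing it may conclude e-mail addresses are never filtered, or re-add the entry and undo the change. A comment above the array such as `# :email is filtered in config/environments/production.rb only.` would keep the two files connected.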