From df77be88d2d31d2e73cc2eb6da6073f677c44f8e Mon Sep 17 00:00:00 2001
From: Emma Park
Date: Wed, 17 Dec 2025 14:50:03 +1100
Subject: [PATCH 1/2] Unfilter Content-Type param in API logs

Change the 'content' filter from a symbol to an exact-match regex (/\Acontent\z/i) so that 'Content-Type' header is visible in logs while still filtering the 'content' param. This helps debug API content-type issues, as engineers can now see the original Content-Type value sent by users instead of [FILTERED].

The MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/216761

Changelog: changed
---
 config/application.rb | 4 +++-
 spec/config/application_spec.rb | 2 ++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/config/application.rb b/config/application.rb
index 05cede3102959b..c1d1292c3e68c3 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -234,13 +234,15 @@ class Application < Rails::Application
 sentry_dsn
 trace
 variables
- content
 sharedSecret
 redirect
 question
 SAMLResponse
 selectedText
 ]
+ # Filter exact 'content' param only (not Content-Type header)
+ # so Content-Type is visible in logs for debugging API issues
+ config.filter_parameters += [/\Acontent\z/i]
 
 # Enable escaping HTML in JSON.
 config.active_support.escape_html_entities_in_json = true
diff --git a/spec/config/application_spec.rb b/spec/config/application_spec.rb
index 709071ff81d29a..4ce1e1989379b4 100644
--- a/spec/config/application_spec.rb
+++ b/spec/config/application_spec.rb
@@ -32,6 +32,8 @@ def request_for_url(input_url)
 '/?selectedText=secret' | { 'selectedText' => filtered }
 '/?query=secret' | { 'query' => filtered }
 '/?message=secret' | { 'message' => filtered }
+ '/?content=secret' | { 'content' => filtered }
+ '/?Content-Type=application/json' | { 'Content-Type' => 'application/json' }
 end
 
 with_them do
-- 
GitLab

From a20588ea551ff2fd8b301c11dc17182de92927ad Mon Sep 17 00:00:00 2001
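Review bot: Parameters whose names merely contain `content` (`file_content` is the obvious one) stop being redacted once the `content` symbol becomes `/\Acontent\z/i`, because Rails treats string and symbol filter entries as case-insensitive substring matches (as I understand ActiveSupport::ParameterFilter) while the regex is an exact-key match, and neither the hunk nor the commit message names the keys that lose coverage. The description speaks of the `Content-Type` header, but `config.filter_parameters` is applied to parameter keys here and the accompanying spec only exercises a query parameter of that name, so whether header redaction in the API log goes through this same list is not shown. I would extend the added comment to state the trade-off explicitly: `# Exact 'content' only: other keys containing 'content' are no longer filtered by this entry`. The `%i[` list this hunk edits and the `config.filter_parameters` assignment it appends to start above the hunk.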
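Review bot: The new `'/?Content-Type=application/json'` row checks a query parameter named `Content-Type`, not the `Content-Type` request header that the commit message says should become visible in API logs; if header redaction is the behaviour that matters, this row does not demonstrate it, and a reader will assume it does. A comment on the row would keep the distinction honest, e.g. `# query param named like the header; header redaction itself is not covered here`. The `where` table these rows belong to (under `request_for_url`) starts above the hunk.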
From: Joe Woodward
Date: Thu, 18 Dec 2025 09:26:03 +0000
Subject: [PATCH 2/2] Target file_content and content fields

---
 config/application.rb | 6 ++----
 spec/config/application_spec.rb | 5 +++++
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/config/application.rb b/config/application.rb
index c1d1292c3e68c3..50501131160de6 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -219,7 +219,8 @@ class Application < Rails::Application
 /^text$/,
 /^title$/,
 /^hook$/,
- /^message$/
+ /^message$/,
+ /^(file_)?content$/i
 ]
 config.filter_parameters += %i[
 certificate
@@ -240,9 +241,6 @@ class Application < Rails::Application
 SAMLResponse
 selectedText
 ]
- # Filter exact 'content' param only (not Content-Type header)
- # so Content-Type is visible in logs for debugging API issues
- config.filter_parameters += [/\Acontent\z/i]
 
 # Enable escaping HTML in JSON.
 config.active_support.escape_html_entities_in_json = true
diff --git a/spec/config/application_spec.rb b/spec/config/application_spec.rb
index 4ce1e1989379b4..b39269b357d6ba 100644
--- a/spec/config/application_spec.rb
+++ b/spec/config/application_spec.rb
@@ -33,6 +33,11 @@ def request_for_url(input_url)
 '/?query=secret' | { 'query' => filtered }
 '/?message=secret' | { 'message' => filtered }
 '/?content=secret' | { 'content' => filtered }
+ '/?file_content=secret' | { 'file_content' => filtered }
+ '/?with_content=true' | { 'with_content' => 'true' }
+ '/?content_ref=main' | { 'content_ref' => 'main' }
+ '/?content_range=0-1029' | { 'content_range' => '0-1029' }
+ '/?glm_content[type]=type' | { 'glm_content' => { 'type' => 'type' } }
 '/?Content-Type=application/json' | { 'Content-Type' => 'application/json' }
 end
 
-- 
GitLab
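Review bot: `/^(file_)?content$/i` is the only entry in this regex list carrying `/i`, and nothing in the file records why exactly `content` and `file_content` are redacted while keys such as `content_ref`, `with_content` and `glm_content` are meant to stay readable — only the spec encodes that, so the next person adding a `*_content` parameter has no cue here. A one-line comment above the entry would carry the intent: `# exact 'content' / 'file_content' only (any case); spec/config/application_spec.rb lists keys deliberately left visible`. The `^`/`$` anchors follow the neighbouring entries; in Ruby they are line anchors, so a key with an embedded newline could at worst be over-filtered, never missed, which is the safe direction. The regex list this entry closes starts above the hunk.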
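Review bot: None of the new rows exercises the `/i` flag on `/^(file_)?content$/i`, so a differently-cased key (`CONTENT`, `File_Content`) goes untested even though case-insensitivity is the one property that distinguishes this entry from its neighbours in the list. Adding `'/?CONTENT=secret' | { 'CONTENT' => filtered }` next to the `file_content` row should pin it, given the existing `content` row already produces `filtered`. The `where` table these rows belong to starts above the hunk.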