oesmith / puffing-billy

A rewriting web proxy for testing interactions between your browser and external sites. Works with ruby + rspec.
MIT License

Filter sensitive data out of cache #340

Open iainbeeston opened 9 months ago

iainbeeston commented 9 months ago

I'd like to use the persist_cache option, but many of my requests include API tokens in the URL (as query string parameters), and I don't want these persisted and committed to source control. I can't believe I'm the only person with this issue, but I can't see any option in the README or in the code to filter out sensitive strings, something like VCR does with filter_sensitive_data. I'd have thought that after_cache_handles_request or before_handle_request would do it, but neither quite does the right thing (before_handle_request can strip the sensitive data before making the request, but then it isn't available for the request, which causes the request to fail if the API token is needed). use_ignore_params can remove all parameters, but if others are needed then that won't work (it also depends on having a fixed list of URLs that will have their params stripped). Is there an official way to remove sensitive data from a request? Or would it need a PR? (Presumably yet another config option to strip data from the cache key?)
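
One way to approach the filtering asked about above, as an added example that is not part of the original issue and not puffing-billy's own code: a stand-alone Ruby pass that redacts named query-string parameters wherever a URL appears in persisted fixture text, run before the files are committed. The parameter names, the placeholder and the sample text are assumptions, and the example does not address whether the proxy still matches a redacted entry on replay.

```ruby
# Added example: redact named query-string parameters wherever a URL appears
# in persisted fixture text. Not puffing-billy code; the parameter names and
# the sample fixture below are constructed assumptions.
require 'set'

SENSITIVE_PARAMS = Set['api_key', 'token', 'access_token'].freeze # assumed names
PLACEHOLDER = 'FILTERED'

# Matches "?name=value" or "&name=value"; the value ends at the next
# delimiter, fragment, whitespace or quote so surrounding text is untouched.
PARAM_RE = /([?&])([^=&#\s"']+)=([^&#\s"']*)/

# Returns [redacted_text, names_of_params_that_were_redacted].
# Name matching is case-insensitive; already-redacted values are not re-counted,
# so the pass is idempotent and can double as a "did anything leak?" check.
def redact_query_secrets(text, sensitive = SENSITIVE_PARAMS)
  hits = []
  redacted = text.gsub(PARAM_RE) do
    sep, name, value = $1, $2, $3
    if sensitive.include?(name.downcase) && value != PLACEHOLDER
      hits << name
      "#{sep}#{name}=#{PLACEHOLDER}"
    else
      "#{sep}#{name}=#{value}"
    end
  end
  [redacted, hits]
end

# Constructed sample resembling a recorded request; not real cache output.
SAMPLE_FIXTURE = <<~TEXT
  url: https://api.example.test/v1/items?page=2&api_key=abc123&sort=asc
  body: '{"next":"https://api.example.test/v1/items?Token=zzz&page=3#top"}'
TEXT

if __FILE__ == $PROGRAM_NAME
  clean, hits = redact_query_secrets(SAMPLE_FIXTURE)
  puts clean
  warn "redacted: #{hits.join(', ')}" unless hits.empty?
end
```

A non-empty second return value on files already in the repository means a secret reached the working tree, so the same function can back a pre-commit or CI check.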