oesmith / puffing-billy

A rewriting web proxy for testing interactions between your browser and external sites. Works with ruby + rspec.
MIT License
662 stars 168 forks source link

Filter sensitive data out of cache #340

Open iainbeeston opened 1 year ago

iainbeeston commented 1 year ago

I'd like to use the persist_cache option but many of my requests include API tokens in the URL (as query string parameters), and I don't want these persisting and committing to source control. I can't believe I'm the only person with this issue, but I can't see any option in the README or in the code to filter out sensitive strings. Something like VCR does with filter_sensitive_data. I'd have thought that after_cache_handles_request or before_handle_request but neither quite do the right thing (before_handle_request can strip the sensitive data before making the request but then it isn't available for the request, which causes the request to fail if the API token is needed). use_ignore_params can remove all parameters but if others are needed then that won't work (it also depends on having a fixed list of URLs that will have their params stripped from). Is there an official way to remove sensitive data from a request? Or would it need a PR? (Presumably yet another config option to strip data from the cache key?)