The services, environment, and request_uri attributes may all contain passwords and should not be logged.
Added filter to remove sensitive application attributes from logging.
@mheath I've created a story and prioritized it, thank you: https://www.pivotaltracker.com/story/show/64435730
Hi, @mheath ,
We noticed some inconsistency between the code and the spec: in particular, the spec looks for the request_uri field to be filtered out, but the code itself filters out droplet_uri. That seems like it might be a typo in the spec, but just wanted to verify what seems like an inconsistency.
Thanks, @ematpl and @kbkelly
Fixed the spec to check for removal of the correct field of the 'drop…
You're absolutely right. I updated the PR to test for the droplet_uri field which is the correct name of the attribute that needs to be filtered.