-
Notifications
You must be signed in to change notification settings - Fork 21.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Don't fight against ourselves for the default log level #16622
Conversation
If we want to always default to :debug, let's just do that. At which point the production.rb entry can become an "uncomment to change" instead.
2 similar comments
🚢 🇮🇹 |
Don't fight against ourselves for the default log level
@@ -117,7 +117,7 @@ def database_configuration | |||
end | |||
|
|||
def log_level | |||
@log_level ||= Rails.env.production? ? :info : :debug | |||
@log_level ||= :debug |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@matthewd This would change the default for existing applications too, whereas the older implementation would keep the same default for existing applications, c/d? While this is probably okay, we should at least mention it in the upgrade guides.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 on this being a high risk change, people are going to be bitten by this hard. (eg: why is my app so slow, ahhh ... you have log level set to debug)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually I found this change complicating the debugging process because of too many logs. So changed back to config.log_level = :info
.
I recently learned that Rails logs at the :debug level (not the :info level) by default in production environments. This is a surprising behaviour, as other popular frameworks do not log at this level by default. It would not be surprising if a developer accidentally logged personally identifiable information (PII) in a production environment due to this behaviour. I noticed that [in 2014](rails#16622), the Rails project made an intentional decision to set the default log level to :debug. However, the landscape around logging PII has changed since then with the introduction of legislation like GDPR, so I thought it prudent to reopen this discussion.
I recently learned that Rails logs at the :debug level (not the :info level) by default in production environments. This is a surprising behaviour, as other popular frameworks do not log at this level by default. It would not be surprising if a developer accidentally logged personally identifiable information (PII) in a production environment due to this behaviour. I noticed that [in 2014](#16622), the Rails project made an intentional decision to set the default log level to :debug. However, the landscape around logging PII has changed since then with the introduction of legislation like GDPR, so I thought it prudent to reopen this discussion.
If we want to always default to
:debug
, let's just do that.At which point the production.rb entry can become an "uncomment to change" instead.