From 02ead6437eff88d01695e4ed0aac27f91284ad3b Mon Sep 17 00:00:00 2001 From: Andrew Babichev Date: Thu, 31 Mar 2016 18:13:39 +0300 Subject: [ci skip] Parameter filter performs regular expression partial matching --- guides/source/action_controller_overview.md | 2 ++ guides/source/configuring.md | 2 +- guides/source/security.md | 2 ++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/guides/source/action_controller_overview.md b/guides/source/action_controller_overview.md index 8997363fce..848c9caa59 100644 --- a/guides/source/action_controller_overview.md +++ b/guides/source/action_controller_overview.md @@ -1088,6 +1088,8 @@ You can filter out sensitive request parameters from your log files by appending config.filter_parameters << :password ``` +NOTE: Provided parameters will be filtered out by partial matching regular expression. Rails adds default `:password` in the appropriate initializer (`initializers/filter_parameter_logging.rb`) and cares about typical application parameters `password` and `password_confirmation`. + ### Redirects Filtering Sometimes it's desirable to filter out from log files some sensitive locations your application is redirecting to. diff --git a/guides/source/configuring.md b/guides/source/configuring.md index e57d873719..e80f994deb 100644 --- a/guides/source/configuring.md +++ b/guides/source/configuring.md 
@@ -104,7 +104,7 @@ application. Accepts a valid week day symbol (e.g. `:monday`). * `config.filter_parameters` used for filtering out the parameters that you don't want shown in the logs, such as passwords or credit card -numbers. New applications filter out passwords by adding the following `config.filter_parameters+=[:password]` in `config/initializers/filter_parameter_logging.rb`. +numbers. New applications filter out passwords by adding the following `config.filter_parameters+=[:password]` in `config/initializers/filter_parameter_logging.rb`. Parameters filter works by partial matching regular expression. * `config.force_ssl` forces all requests to be served over HTTPS by using the `ActionDispatch::SSL` middleware, and sets `config.action_mailer.default_url_options` to be `{ protocol: 'https' }`. This can be configured by setting `config.ssl_options` - see the [ActionDispatch::SSL documentation](http://edgeapi.rubyonrails.org/classes/ActionDispatch/SSL.html) for details. diff --git a/guides/source/security.md b/guides/source/security.md index 4883c1abe7..16c5291037 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -494,6 +494,8 @@ By default, Rails logs all requests being made to the web application. But log f config.filter_parameters << :password ``` +NOTE: Provided parameters will be filtered out by partial matching regular expression. Rails adds default `:password` in the appropriate initializer (`initializers/filter_parameter_logging.rb`) and cares about typical application parameters `password` and `password_confirmation`. + ### Good Passwords INFO: _Do you find it hard to remember all your passwords? Don't write them down, but use the initial letters of each word in an easy to remember sentence._ -- cgit v1.2.3
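Review bot: in the guides/source/action_controller_overview.md hunk, the added NOTE reads awkwardly and never says what is matched against what. "Provided parameters will be filtered out by partial matching regular expression" should state the mechanism and its consequence in one sentence, e.g. "Each entry in `config.filter_parameters` is matched against parameter names as a partial regular-expression match, so `:password` also filters `password_confirmation`." That also replaces the vague "cares about typical application parameters". The initializer path is given here as `initializers/filter_parameter_logging.rb` but as `config/initializers/filter_parameter_logging.rb` in the configuring.md hunk of the same patch; use the full path in both.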
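Review bot: in the guides/source/configuring.md hunk, the appended sentence "Parameters filter works by partial matching regular expression." is ungrammatical and gives the reader no hint of what that implies for their own parameter names. Suggest "The filter matches parameter names by partial regular-expression match, so `:password` also covers `password_confirmation`." Since this line is being edited anyway, `config.filter_parameters+=[:password]` would read better as `config.filter_parameters += [:password]`, which is conventional Ruby spacing.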
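Review bot: in the guides/source/security.md hunk, the NOTE is a verbatim copy of the one added to action_controller_overview.md, and in the security guide it should spell out the consequence of partial matching rather than only the mechanism: an entry matches any parameter name containing it, so `:password` covers `password_confirmation`, but a parameter whose name contains none of the configured entries is still written to the log in clear, and a short or generic entry will also blank unrelated parameters. Suggest rewording to "...matched as a partial regular-expression match against the parameter name..." and telling readers to check the names of their own sensitive parameters against the list. Fix the wording "cares about typical application parameters" in both copies of the NOTE.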