Adding filter_parameters in an Engine
Rails applications by default will log every parameter that is passed to a given controller. Normally this is desirable behavior but in the case of sensitive information (ex. passwords and credit card numbers) you should never log these values.
The recommended approach for this is to add a filter_parameters directive in your application configuration as shown below.
class Application < Rails::Application
config.filter_parameters += [:password]
But what if you are working within the context of a Rails Engine? For instance, in the Spreeapplication there is an engine that has a controller responsible for posting credit card information (over SSL of course.) After a little bit of digging I came up with the following solution:
class Engine < Rails::Engine
initializer "spree.params.filter" do |app|
app.config.filter_parameters += [:number]
It turns out you can dynamically declare an initializer in your Railtie and then just add the filter there.