Commit
Update documentation and annotation related to $maskVars property #…
xcopy committed Dec 12, 2024
1 parent 9d2ef8d commit 47e4c11
Showing 2 changed files with 13 additions and 2 deletions.
10 changes: 8 additions & 2 deletions docs/guide/runtime-logging.md
Expand Up @@ -217,14 +217,20 @@ Or if you want to implement your own way of providing context information, you m
[[yii\log\Target::getContextMessage()]] method.

In case some of your request fields contain sensitive information you would not like to log (e.g. passwords, access tokens),
you may additionally configure `maskVars` property. By default, the following request parameters will be masked with `***`:
you may additionally configure `maskVars` property, which can contain both exact values and (case-insensitive) patterns. By default,
the following request parameters will be masked with `***`:
`$_SERVER[HTTP_AUTHORIZATION]`, `$_SERVER[PHP_AUTH_USER]`, `$_SERVER[PHP_AUTH_PW]`, but you can set your own:

```php
[
'class' => 'yii\log\FileTarget',
'logVars' => ['_SERVER'],
'maskVars' => ['_SERVER.HTTP_X_PASSWORD']
'maskVars' => [
'_SERVER.HTTP_X_PASSWORD',
'_SERVER.*_SECRET', // matches all ending with "_SECRET"
'_SERVER.SECRET_*', // matches all starting with "SECRET_"
'_SERVER.*SECRET*', // matches all containing "SECRET"
]
]
```
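Review bot: In the added sentence "which can contain both exact values and (case-insensitive) patterns", the phrase "exact values" reads as if matching were done on a variable's content, while every entry in the example is a key path such as `_SERVER.HTTP_X_PASSWORD`; "exact key names" would be clearer. The sentence also leaves open whether exact entries are compared case-insensitively or only patterns are, and nothing states that `*` is the wildcard character, whether it may appear in the part before the dot, or whether it can span a `.` in nested keys. A pattern that silently fails to match leaves the secret in the log, so these matching rules should be spelled out next to the example.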

5 changes: 5 additions & 0 deletions framework/log/Target.php
Expand Up @@ -92,6 +92,11 @@ abstract class Target extends Component
* - `var` - `var` will be logged as `***`
* - `var.key` - only `var[key]` will be logged as `***`
*
* In addition, this property accepts (case-insensitive) patterns. For example:
* - `_SERVER.*_SECRET` matches all ending with `_SECRET`, such as `$_SERVER['TOKEN_SECRET']` etc.
* - `_SERVER.SECRET_*` matches all starting with `SECRET_`, such as `$_SERVER['SECRET_TOKEN']` etc.
* - `_SERVER.*SECRET*` matches all containing `SECRET` i.e. both of the above.
*
* @since 2.0.16
*/
public $maskVars = [
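Review bot: The added paragraph sits directly above the existing `@since 2.0.16` tag without saying from which release patterns are accepted, so a reader on an earlier 2.0.x version could configure `_SERVER.*_SECRET` and get no masking; if pattern support arrived later than the property itself, add a "since version" remark to the paragraph. Separately, "`_SERVER.*SECRET*` matches all containing `SECRET` i.e. both of the above" understates the match: by its own wording it also covers keys with `SECRET` in the middle, so "including both of the above" would be more accurate.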