Filtering sensitive data from request and response XML

[ramontayag]

Currently, you can get the response XML via to_xml and you can get the request XML via Operation#request (#620).

I want to be able to filter the data on these. I was thinking of creating some type of scrubber and saw that Savon already has this ability.

How about optionally scrubbing the output of the request and response like so:

response = savon_client.call(...)
response.to_xml(filter: true)
response.request.to_xml(filter: true) # currently you have to call response.request.body to get the XML body. This feature would add a new method to SOAPRequest called `to_xml`

As you could probably tell, passing filter: true would filter the XMLs returned based on the filters defined.

I can implement this feature.

[tjarratt]

I must apologize for taking so long to respond to your issue, @ramontayag, I honestly didn't mean to wait so long to collect my thoughts here.

Thanks for your interest @ramontayag but I don't believe this functionality belongs in Savon itself. For logging, I can understand that users may want to avoid logging sensitive information (e.g.: usernames and passwords) via Savon, but I don't believe that filtering the actual response is a feature that is desirable here. More often than not, this should belong in your actual application, or some adapter that you wrap around Savon.

Hope this was helpful, and not too harsh or mean.

[ramontayag]

Not at all. Good thing I asked first. Thanks!