php/yii2
1
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2025-11-01 11:39:41 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'security'

Browse Source
This commit is contained in:
SilverFire - Dmitry Naumenko
2019-01-28 22:50:38 +02:00
parent 353cc7ac92 8c72db9b48
commit e4eaccc14d
7 changed files with 83 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
docs/guide/runtime-logging.md
View File

@ -216,6 +216,17 @@ You may configure `logVars` to be an empty array to totally disable the inclusio
Or if you want to implement your own way of providing context information, you may override the
[[yii\log\Target::getContextMessage()]] method.
In case some of your request fields contain sensitive information you would not like to log (e.g. passwords, access tokens),
you may additionally configure `maskVars` property. By default, the following request parameters will be masked with `***`:
`$_SERVER[HTTP_AUTHORIZATION]`, `$_SERVER[PHP_AUTH_USER]`, `$_SERVER[PHP_AUTH_PW]`, but you can set your own:
```php
[
'class' => 'yii\log\FileTarget',
'logVars' => ['_SERVER'],
'maskVars' => ['_SERVER.HTTP_X_PASSWORD']
]
```
### Message Trace Level <span id="trace-level"></span>