Example of stripping credentials / sensitive data from GET params when using VCR (5.0.x)

vcr_strip_credentials_from_params.rb

class URLSanitizer
  def self.equal?(first, second)
    new(first) == new(second)
  end

  def self.sanitize(url)
    new(url).to_s
  end

  def initialize(url)
    @url = url
  end

  def ==(other)
    hash == other.hash
  end

  def hash
    [self.class, uri.scheme, uri.host, uri.path, params].hash
  end

  def params
    parsed_params.reject {|k| k == "token" }
  end

  def to_s
    uri.dup.tap {|uri| uri.query = params.to_query if params.any? }.to_s
  end

  private

  def parsed_params
    Rack::Utils.parse_query(uri.query)
  end

  def uri
    @uri ||= URI(@url)
  end
end

VCR.configure do |config|
  matcher = lambda do |one, two|
    one.method == two.method && URLSanitizer.equal?(one.uri, two.uri)
  end

  config.default_cassette_options = {
    match_requests_on: [matcher]
  }

  config.before_record do |interaction|
    interaction.request.uri = URLSanitizer.sanitize(interaction.request.uri)
  end

  config.cassette_library_dir = "spec/integration/fixtures"
  config.hook_into :webmock
end