How to remove User's hashed-password (or any sensity information) from the responses

System Information
  • Strapi Version: 3.1.3
  • Operating System: Linux
  • Database: MySQL
  • Node Version: 12.18.3
  • NPM Version: 6.14.6
  • Yarn Version: 1.22.4

If User has a relation with some other entity (let’s say Project for example), then, every time a project is returned then I get the user(s) that are related with that project, but I also get a list with all the data of that entity, including the hashed password. Some of the data are useful for what I want to do but I don’t want all of them.

Is there a way to remove the hashed-password from all the responses that return nested user data?

Is there a way to remove other sensitive information?

Hi!

I believe you need to use Strapi’s built-in sanitizeEntity() method on the data, just before you return a response, as described here:

It should remove any sensitive data like hashed passwords and private fields. Hope that helps!