FIX: Don't sanitize API username so that we can potentially identify the source.

config/application.rb

@@ -103,7 +103,6 @@ module Discourse
         :password,
         :pop3_polling_password,
         :api_key,
-        :api_username,
         :s3_secret_access_key,
         :twitter_consumer_secret,
         :facebook_app_secret,

plugins/discourse-nginx-performance-report/script/nginx_analyze.rb

@@ -49,7 +49,7 @@ class LogAnalyzer
     private
 
     def self.sanitize_url(url)
-      url.gsub(/(api_key|api_username)=([\w.\-]+)/, '\1=[FILTERED]')
+      url.gsub(/api_key=([\w.\-]+)/, '\1=[FILTERED]')
     end
   end