Exceptionless.Net icon indicating copy to clipboard operation
Exceptionless.Net copied to clipboard

Published 20 hours ago verified publisher icon exceptionless

Look into adding a default exclude for asp.net form fields

Open niemyjski opened this issue 8 years ago • 11 comments

Currently we ignore all fields prefixed with *__ hard coded and there is no way to allow this or other server variables. We should look into just making these defaults in exclusions that you can remove or set.

We've had requests for specific http headers as well as __EVENTTARGET and __EVENTARGUMENT. But there is no way to add these without a custom plugin :\

niemyjski avatar Feb 14 '17 16:02 niemyjski

@ejsmith I think this should just be a wildcard in event exclusions, thoughts?

niemyjski avatar Feb 14 '17 16:02 niemyjski

Yeah, we should make it a default config setting that can be overridden. The problem is that there are some ASP.NET events that can be MASSIVE.

ejsmith avatar Feb 14 '17 16:02 ejsmith

What do you think for a name? We already have data exclusions

niemyjski avatar Feb 14 '17 16:02 niemyjski

Why wouldn't it be part of data exclusions?

ejsmith avatar Feb 14 '17 16:02 ejsmith

Yeah, but how do you update existing data exclusions that might of been updated?

niemyjski avatar Feb 14 '17 16:02 niemyjski

Our request info doesn't collect headers currently either. and if we add this to data exclusions it would have to be server side only which means junk coming in off the bat.

niemyjski avatar Feb 15 '17 03:02 niemyjski

All of the DataExclusions is additive by default.

niemyjski avatar Feb 15 '17 03:02 niemyjski

We need to think of something better for this as we probably should do a pass where we can configure local default exclusions that are merged much like the initial default log level...

niemyjski avatar Feb 15 '17 04:02 niemyjski

I guess I could populate the data exclusions with these values by default and server side would overwrite them...

niemyjski avatar Feb 15 '17 04:02 niemyjski

Is that intuitive

niemyjski avatar Feb 15 '17 04:02 niemyjski

This references https://github.com/exceptionless/Exceptionless.Net/issues/127 as well

niemyjski avatar Feb 15 '17 04:02 niemyjski

@ejsmith I'm suggesting we add this to the default data exclusions, perhaps we could do it client side only in the asp.net plugin or update server side excludes

niemyjski avatar Apr 12 '23 13:04 niemyjski

I agree that it needs to be part of default excludes. The problem with doing it server side is that it's assuming a specific platform / language and is not relevant to other platforms.

ejsmith avatar Apr 12 '23 20:04 ejsmith

Here are our current hard coded excludes:

I don't want to have a million different configuration settings so not sure what to do here. Rereading this original issue I'm a bit confused by the ask now. I'm thinking perhaps we close this and if requested again, we may want to move these to client side configuration options and let the user add or remove these in code? Default data exclusions also applies to these values so it's ignoring these and others.

        private static readonly List<string> _ignoredHeaders = new List<string> {
            "Authorization",
            "Cookie",
            "Host",
            "Method",
            "Path",
            "Proxy-Authorization",
            "Referer",
            "User-Agent"
        };

        private static readonly List<string> _ignoredCookies = new List<string> {
            ".ASPX*",
            "__*",
            "*SessionId*"
        };

        private static readonly List<string> _ignoredFormFields = new List<string> {
            "__*"
        };

niemyjski avatar Apr 27 '23 12:04 niemyjski