sentry-php
sentry-php copied to clipboard
Ability to filter request input from being sent to Sentry
Problem Statement
I would like an easy way to configure this integration from sending certain request input to Sentry. Right now the documentation suggests we use the before_send
configuration option, but this has two issues.
- It's a painful amount of code for something very simple. Plus, I couldn't find any ready to go documentation on how to implement it.
'before_send' => function (Event $event, ?EventHint $hint): ?Event {
$request = $event->getRequest();
if ($data = Arr::get($request, 'data')) {
foreach (['password', 'password_confirmation'] as $field) {
if (Arr::has($data, $field)) {
$data[$field] = '[FILTERED]';
}
}
$request['data'] = $data;
$event->setRequest($request);
}
return $event;
},
- It isn't supported when using
config:cache
. The docs suggest that I can use the callable array syntax but that doesn't seem to work for `before_send.
Symfony\Component\OptionsResolver\Exception\InvalidOptionsException
The option "before_send" with value array is expected to be of type "callable", but is of type "array".
Solution Brainstorm
Simplest solution would be config option that accepts an array of field names that would be removed or filtered before being sent to Sentry.
'filter_fields' => ['password', 'password_confirmation'],
I note that Flare has more advanced options, including middleware that makes it easy to filter input and headers.
CensorRequestBodyFields::class => [
'censor_fields' => [
'password',
'password_confirmation',
],
],
CensorRequestHeaders::class => [
'headers' => [
'API-KEY',
'Authorization',
'Cookie',
'Set-Cookie',
'X-CSRF-TOKEN',
'X-XSRF-TOKEN',
]
]
Hey @dwightwatson, you mention 1 issue here and a feature request.
The docs suggest that I can use the callable array syntax but that doesn't seem to work for `before_send.
Are you sure you followed the example to the letter? This works in all my testing so far, maybe you can share what you tried? A common thing is that it's overlooked that it needs to be a static
function.
Simplest solution would be config option that accepts an array of field names that would be removed or filtered before being sent to Sentry.
I agree that that would be more elegant, happy to explore that path a bit further to see what we can cook up to make this a little simpler in the future!
Hey @stayallive thanks for that.
You're right - I missed that it was a static
method required. I had a regular public method and after fixing that it now works fine. That's my bad.
Would love to see this simplified further to remove the additional boilerplate. Plus, it seems like it would be beneficial for password
and password_confirmation
to be filtered by default on a fresh Laravel app.
I'm at least glad that the static
fixes the before_send
! One solved.
I'm going to see if we can figure something out for not sending data to Sentry. I'm guessing you do know that these fields are filtered away server side (or on Relay) but that you don't even want to sent it?
I know we had some filtering option in past SDK versions so unsure if we would want to bring a version of that back.
Yes - I have already added these as filtered on Sentry's side. In one app I'm dealing with some sensitive personal information and it seems better to me that this doesn't leave my server at all.