.NET client - exclude sensitive headers
andrew
Posted on
Jan 10 2014
We use the .NET client, and we log on a site which uses HTTP Basic Authentication.
Basic Authentication sends an Authorization header, which includes sensitive information - effectively, the username and password in plaintext! And this information is then persisted in Raygun.
Is there a way to exclude this information from being stored - perhaps a way of blocking specific HTTP headers from being logged? I can fork the project and probably add exclusion patterns fairly quickly, but didn't want to do this if the possibility already exists.
John-Daniel Trask
Raygun
Posted on
Jan 10 2014
Great suggestion Andrew. We'll look at making it so that our current filtering will apply to HTTP header keys as well (at present it only filters out form values by key).
We'll update this thread once it's in the provider.
Thanks again,
John-Daniel Trask
John-Daniel Trask
Raygun
Posted on
Jan 10 2014
Hi Andrew,
Just letting you know that the feature is available on a branch in the GitHub repo (it's called filter-headers). You can grab this and run build.bat if you'd like to try it immediately. We're holding off on deploying this now due to the weekend, but after a thorough test on Monday it will be available from NuGet.
Regards,
Callum Gavin
andrew
Posted on
Jan 10 2014
Brilliant, thank you - the commit looks great. I'll look forward to the nuget push. Thanks again!
cmp1979
Posted on
Jan 15 2014
Is this available in Nuget yet? If not what is the link to the github repo?
John-Daniel Trask
Raygun
Posted on
Jan 15 2014
It is now! :-)
Thanks for the request,
John-Daniel Trask
Co-founder
Mindscape
cmp1979
Posted on
Jan 16 2014
So how would I exclude something that is included in the server variable section?
I need to remove AUTH_PASS.
John-Daniel Trask
Raygun
Posted on
Jan 17 2014
This is another feature that we'd need to add to the provider, but is a simple one to add so we should be able to get it out in the next release. I'll let you know when this has been achieved and a new version is available from NuGet.
cmp1979
Posted on
Jan 22 2014
That would be great if you can let me know when that feature is available.
John Davalos
Posted on
Apr 21 2015
Is there any way we can do this in our Rails app? We have some data in our headers we'd like filtered out as well.