Feature Request
Withhold sensitive information
Jon Bates
It would be safe to withhold sensitive information from being reported back to the user. e.g. parameters (maybe. from a request's query-string) named 'password' probably contain information that shouldn't be seen by developers.
Raygun
Jason Fauchelle
Posted on
Sep 09 2014
Hello Jon
If you are using the Raygun4Net provider, you can set the IgnoreFormFieldNames property of the RaygunSetting tag in web.config to be a comma separated list of form field keys that you want to filter out of the data sent to Raygun.io. Similarly, there is also IgnoreHeaderNames, IgnoreCookieNames and IgnoreServerVariableNames. (You can read more here: https://raygun.io/docs/languages#net)
We currently don't provide this option for the query-string parameters because the query string isn't secure in the first place, but there is still a way for you to remove any sensitive data from here too. To do this, you first need to provide a custom RaygunClient instance to use for sending messages. Simply make your HttpApplication class implement the IRaygunApplication interface. In the GenerateRaygunClient method, create and return a new RaygunClient instance. Now, on this RaygunClient instance, you can attach a handler to the SendingMessage event. Within your event handler, you'll get the RaygunMessage object before it is serialized and sent to Raygun.io. You can look through and modify this RaygunMessage however you want such as modifying the query strings value. (The query string is a dictionary that can be found at message.Details.Request.QueryString. Make sure to include null checks when you get this).
If you have any questions about this, or if you aren't using the Raygun4Net provider, please let us know.
-Jason Fauchelle