LaraBug / LaraBug

Laravel error reporting tool
https://www.larabug.com
MIT License
267 stars 58 forks

Tracking request parameters #51

Closed cbl closed 3 years ago

cbl commented 3 years ago

Hi, everyone! I wondered if there is a reason why the request parameters are not logged. This can be very useful in some cases. (Would do a PR if this would be accepted)

Cannonb4ll commented 3 years ago

Mainly because of sensitive data that lands in our database, which we do not want to be responsible for.

If you have a way to filter out all the sensitive data the PR is more than welcome.

cbl commented 3 years ago

Aren't headers sensitive in the same way? 🤔

I think a good way to filter sensitive data within request parameters is to filter parameters whose name contains words like password, pw, pwd, ... and also give the user the option to filter additional parameters.

Same thing with headers (if this is not the case already), headers like Authorization and other known token headers should be filtered by default with the option to filter additional headers.

Cannonb4ll commented 3 years ago

They certainly are, but it is less common for them to contain user data that gets sent over.

That being said, you could recycle the blacklist so the users themselves have control over this; this list is being used when receiving headers.

Config: https://github.com/LaraBug/LaraBug/blob/master/config/larabug.php#L88

Function to filter: https://github.com/LaraBug/LaraBug/blob/cedbe1bf43aba83159601775c82d5785851bf4aa/src/LaraBug.php#L215

A PR is welcome for this 😎

cbl commented 3 years ago

Will create a PR when I find the time, I could have needed this in a few cases for debugging already 😅
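
The filtering approach discussed in this thread, as an added example (not LaraBug's code and not written by either commenter): request parameters are masked when their name contains a sensitive substring, with a user-supplied list merged into the defaults. The function name `redactParameters`, the constant `DEFAULT_SENSITIVE`, the mask string and the sample request are hypothetical; `str_contains` assumes PHP 8.

```php
<?php
declare(strict_types=1);

// Hypothetical defaults: the substrings named in the thread (password, pw, pwd)
// plus Authorization for headers. A user-supplied list is merged in at call time.
const DEFAULT_SENSITIVE = ['password', 'pw', 'pwd', 'authorization'];

/**
 * Recursively mask values whose key contains a sensitive substring.
 * Matching is case-insensitive and nested arrays (e.g. user[password]) are walked.
 */
function redactParameters(array $params, array $extra = [], string $mask = '***'): array
{
    $needles = array_map('strtolower', array_merge(DEFAULT_SENSITIVE, $extra));

    $walk = function (array $data) use (&$walk, $needles, $mask): array {
        foreach ($data as $key => $value) {
            $name = strtolower((string) $key);
            $hit = false;
            foreach ($needles as $needle) {
                if ($needle !== '' && str_contains($name, $needle)) {
                    $hit = true;
                    break;
                }
            }
            if ($hit) {
                $data[$key] = $mask;          // mask the value, or the whole subtree
            } elseif (is_array($value)) {
                $data[$key] = $walk($value);  // descend into nested parameters
            }
        }
        return $data;
    };

    return $walk($params);
}

// Constructed sample request body (not taken from the LaraBug project).
$request = [
    'email'    => 'user@example.test',
    'Password' => 'hunter2',
    'user'     => ['name' => 'Ann', 'pwd_confirm' => 'hunter2', 'api_token' => 'abc'],
    'items'    => [['sku' => 'A1', 'card_number' => '4111111111111111']],
];

// Only email, user.name and items[0].sku keep their values.
print_r(redactParameters($request, ['token', 'card']));
```

Short substrings such as `pw` also match unrelated keys that happen to contain them, so this scheme errs toward masking too much rather than too little.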