search

PostHog / posthog.com

Official docs, website, and handbook for PostHog.
https://posthog.com
Other
423 stars 433 forks source link

Tutorial - How to mask url parameters #7118

Open MarconLP opened 12 months ago

MarconLP commented 12 months ago

If you have a website that is carrying sensitive data over the url (in this example secret_code in this url http://localhost:3000/?secret_code=12345), you will have to use the option sanitize_properties in the init function.

posthog.init("PROJECT_KEY, {
  sanitize_properties: (properties, event) => {
    const paramStartIndex = properties.$current_url.indexOf("secret_code=");
    const url = properties.$current_url;
    let maskedUrl = "";
    if (paramStartIndex !== -1) {
      const paramEndIndex = url.indexOf("&", paramStartIndex);
      maskedUrl =
        url.substring(0, paramStartIndex) +
        "secret_code=*****" +
        url.substring(paramEndIndex !== -1 ? paramEndIndex : url.length);
    }
    return { ...properties, $current_url: maskedUrl };
  },
});
andyvan-ph commented 12 months ago

Should this be a tutorial or in the doc somewhere?

MarconLP commented 12 months ago

A tutorial, since it falls into the same category as the Pageview tracking in SPA's tutorial (https://posthog.com/tutorials/single-page-app-pageviews)