Do not sent POST body to Sentry

mozilla-services / location-leaderboard

A leaderboard service for Mozilla Geolocation Stumbling

Mozilla Public License 2.0

4 stars 5 forks source link

Do not sent POST body to Sentry #261

Closed jaredlockhart closed 8 years ago

jaredlockhart commented 8 years ago

We presently use Sentry to log exceptions, however this will send the POST body in its entirety to our ops controlled sentry instance which will contain unobfuscated URLs which come from users histories. We should be omitting or obfuscating this in some way to prevent leaking users histories.

jaredlockhart commented 8 years ago

@relud @jvehent @mostlygeek Feedback?

relud commented 8 years ago

I definitely think it should be omitted

mostlygeek commented 8 years ago

I favor omission too. Are there circumstances where having the URLs would help with debugging? If not, then they definitely should be omitted.

jvehent commented 8 years ago

Aye, let's omit and reduce the number of places where we store user sensitive stuff.

jaredlockhart commented 8 years ago

Okay I was not paying attention. This is the wrong repo.