Skip to content

Scrubbing HTTP_COOKIE #477

Description

@nagibyro

Issue

Some php hosting sets cookie values via $_SERVER['HTTP_COOKIE'] which can contain sensitive cookie values which are passed through to rollbar. DataBuilder::getHeaders() will pull the cookies into the payload.

Adding Cookie to scrub_fields configuration mitigated the issue for us, however that got rid of all cookies which may or may not be desirable.

Extra note it'd be nice if scrub_fields in php worked similarly to how the javascript sdk works where scrub fields appends to the default list of fields instead of replacing it, with an extra option if you wanted to override the default. see overwriteScrubFields and scrubFields in the js docs

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions