Avoiding filtering of certain values

Fredrik Björk's Avatar

Fredrik Björk

12 Mar, 2012 02:22 AM

Hi,

I don't want Airbeak to filter certain values by default, i.e remember_token. How do I configure that?

  1. Support Staff 2 Posted by Ben Arent on 12 Mar, 2012 04:00 AM

    Ben Arent's Avatar

    Hey Fredrik,

    Please check the filtering info on github page. https://github.com/airbrake/airbrake

    Thanks
    Ben

  2. Ben Arent closed this discussion on 12 Mar, 2012 04:00 AM.

  3. Fredrik Björk re-opened this discussion on 12 Mar, 2012 04:25 AM

  4. 3 Posted by Fredrik Björk on 12 Mar, 2012 04:25 AM

    Fredrik Björk's Avatar

    I did, but it doesn't say how to remove the default filtering params?

  5. Support Staff 4 Posted by Ben Arent on 12 Mar, 2012 04:29 AM

    Ben Arent's Avatar

    Do you mean this? http://cl.ly/1i1F2g0R030H1c2h1r1D It's in project settings.

  6. 5 Posted by Fredrik Björk on 12 Mar, 2012 04:30 AM

    Fredrik Björk's Avatar

    I do not want to filter remember_token values for example. How do I do that?

  7. Support Staff 6 Posted by Stu on 14 Mar, 2012 07:18 PM

    Stu's Avatar

    Hey Fredrik,

    Check in your console to see what params are currently being filtered using ree-1.8.7-2011.03 :006 > Airbrake.configuration.params_filters
    => ["password", "password_confirmation", "remember_token"]

    In your airbrake initializer I would add something like Airbrake.configuration.params_filters.delete('remember_token')

    I haven't tested this live but it makes sense to me.

    Please reopen if this doesn't solve.

    Cheers

    Stu

  8. Stu closed this discussion on 14 Mar, 2012 07:18 PM.

  9. Fredrik Björk re-opened this discussion on 14 Mar, 2012 08:55 PM

  10. 7 Posted by Fredrik Björk on 14 Mar, 2012 08:55 PM

    Fredrik Björk's Avatar

    My params_filters output this:
    ["password", "password_confirmation"]

    Is there something else filtering my session variables?

  11. Support Staff 8 Posted by Stu on 14 Mar, 2012 09:38 PM

    Stu's Avatar

    Im going to dig deeper into this Fredrik,

    Will report back with my findings.

    Cheers

    Stu

  12. Support Staff 9 Posted by Stu on 27 Mar, 2012 06:00 AM

    Stu's Avatar

    Heya Fredrik,

    What version of rails are you using?

    Cheers

    Stu

  13. 10 Posted by Fredrik Björk on 27 Mar, 2012 02:53 PM

    Fredrik Björk's Avatar

    3.1.4

  14. Support Staff 11 Posted by Herb on 29 Mar, 2012 12:13 AM

    Herb's Avatar

    Hey Frederik,
    are you sure Airbrake is responsible?

    Can you confirm that param is not filtered in your server logs?

    Thanks

    Herb

  15. 12 Posted by Fredrik Björk on 29 Mar, 2012 12:34 AM

    Fredrik Björk's Avatar

    We use Airbrake on Heroku. Are you saying their server logs would somehow filter certain values?

  16. Support Staff 13 Posted by Herb on 29 Mar, 2012 04:55 PM

    Herb's Avatar

    If this key isn't in Airbrake.configuration.params_filters, filtering by our gem - which occurs here doesn't happen for this key.

    I'm guessing your key is already filtered by your app. Are you using Devise? Maybe it has something to do with their filtering strategy?

    I wanted you to confirm that the params are not filtered before you raise the exception in your controller, can you do it locally?

    Thanks

  17. 14 Posted by Fredrik Björk on 29 Mar, 2012 07:20 PM

    Fredrik Björk's Avatar

    irb(main):001:0> Airbrake.configuration.params_filters
    => ["password", "password_confirmation"]

    We're using Clearance in our app. What else could it be causing some values to get filtered?

  18. Support Staff 15 Posted by Herb on 29 Mar, 2012 10:07 PM

    Herb's Avatar

    Maybe, check this out. What's the output of Rails.application.config.filter_parameters?

  19. 16 Posted by Fredrik Björk on 29 Mar, 2012 10:34 PM

    Fredrik Björk's Avatar

    irb(main):001:0> Rails.application.config.filter_parameters
    => [:password, :token, :password]

  20. 17 Posted by Fredrik Björk on 25 Apr, 2012 12:52 AM

    Fredrik Björk's Avatar

    Is Aibrake using a regexp to determine these values? i.e would remember_token get filtered by the :token in filter_parameters?

  21. Support Staff 18 Posted by Herb on 25 Apr, 2012 10:36 AM

    Herb's Avatar

    Hey again Fredrik. Sorry for not updating sooner. Yeah, we were using include? to determine params filtering.

    I've just pushed a fix for this.

    Thanks for reporting.

  22. 19 Posted by Fredrik Björk on 05 Jun, 2012 09:39 PM

    Fredrik Björk's Avatar

    After upgrading to the latest version of Airbrake (3.1.0) remember_token is filtered again. Bug got introduced again?

  23. 20 Posted by Fredrik Björk on 18 Jun, 2012 04:22 PM

    Fredrik Björk's Avatar

    Anyone have a fix for this? We really need the remember_token value to track down bugs.

  24. Support Staff 21 Posted by Morgan on 18 Jun, 2012 04:49 PM

    Morgan's Avatar

    Hello Fredrik,

    I have sent a reminder to the development team to look into this issue for you.
    I will keep an eye on this ticket and check in with any updates I get about the remember_token.

    From,
    Morgan

  25. Support Staff 22 Posted by Morgan on 19 Jun, 2012 04:24 PM

    Morgan's Avatar

    Hello Fredrick,

    I have Just pushed this ticket up to high priority and Emailed Herb to look into this issue again. Sorry about the delay on a solution so far. I will keep you updated regularly.
    Please let me know if you need anything!

    From,
    Morgan

  26. Support Staff 23 Posted by Herb on 20 Jun, 2012 02:05 PM

    Herb's Avatar

    Hey Fredrik!

    The exact same scenario is happening again? I'm having a hard time replicating this. Notice is responsible for filtering parameters and the method I've fixed hasn't been changed. The tests I've added for this are also passing. I've even tried to reproduce it inside a fresh rails application with the filtering options you've set.

    Can you please give us more info?

    Sorry for the hassle!

    Herb

  27. 24 Posted by Fredrik Björk on 20 Jun, 2012 02:08 PM

    Fredrik Björk's Avatar

    Hi,

    here's an example: https://banjo.airbrake.io/errors/51285511

    We're using the latest gem. What other information are you looking for?

  28. Support Staff 25 Posted by Herb on 22 Jun, 2012 12:05 AM

    Herb's Avatar

    Hello again Fredrik!

    I know it took me some time to provide a solution but I'm happy to announce that I have the workaround for your unusual bug.

    As we have suspected, it's not the Airbrake gem issue. It's actually an issue related to Clearance filtering strategies.

    Let me explain...

    You can see here that Clearance delegates filtering to Rails. Rails uses regex matching to determine whether your parameter should be filtered or not. So remember_token is matched with /token/ and therefore your parameter gets hidden. We have an independent filtering strategy which doesn't match the keys with regex any more.

    Removing the token from filter_parameters in the application.rb does not help, unfortunately, because Clearance uses initializer hook to set it up again (defaults to [:password,:token]).

    You have to use after_initialize hook to fix this.

    Add this to your application.rb:

    config.after_initialize do |app|
      app.config.filter_parameters.delete :token
    end
    

    You could also monkeypatch the ActionDispatch::Http::ParameterFilter#compiled_filter to not use regex but I think this is more simple.

    Herb

  29. Morgan closed this discussion on 04 Oct, 2012 12:55 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac