Avoiding filtering of certain values
Hi,
I don't want Airbeak to filter certain values by default, i.e remember_token. How do I configure that?
Comments are currently closed for this discussion. You can start a new one.
Log in to Airbrake
Hi,
I don't want Airbeak to filter certain values by default, i.e remember_token. How do I configure that?
Comments are currently closed for this discussion. You can start a new one.
Support Staff 2 Posted by benarent on 12 Mar, 2012 04:00 AM
Hey Fredrik,
Please check the filtering info on github page. https://github.com/airbrake/airbrake
Thanks
Ben
benarent closed this discussion on 12 Mar, 2012 04:00 AM.
Fredrik Björk re-opened this discussion on 12 Mar, 2012 04:25 AM
3 Posted by Fredrik Björk on 12 Mar, 2012 04:25 AM
I did, but it doesn't say how to remove the default filtering params?
Support Staff 4 Posted by benarent on 12 Mar, 2012 04:29 AM
Do you mean this? http://cl.ly/1i1F2g0R030H1c2h1r1D It's in project settings.
5 Posted by Fredrik Björk on 12 Mar, 2012 04:30 AM
I do not want to filter remember_token values for example. How do I do that?
Support Staff 6 Posted by Stu on 14 Mar, 2012 07:18 PM
Hey Fredrik,
Check in your console to see what params are currently being filtered using ree-1.8.7-2011.03 :006 > Airbrake.configuration.params_filters
=> ["password", "password_confirmation", "remember_token"]
In your airbrake initializer I would add something like Airbrake.configuration.params_filters.delete('remember_token')
I haven't tested this live but it makes sense to me.
Please reopen if this doesn't solve.
Cheers
Stu
Stu closed this discussion on 14 Mar, 2012 07:18 PM.
Fredrik Björk re-opened this discussion on 14 Mar, 2012 08:55 PM
7 Posted by Fredrik Björk on 14 Mar, 2012 08:55 PM
My params_filters output this:
["password", "password_confirmation"]
Is there something else filtering my session variables?
Support Staff 8 Posted by Stu on 14 Mar, 2012 09:38 PM
Im going to dig deeper into this Fredrik,
Will report back with my findings.
Cheers
Stu
Support Staff 9 Posted by Stu on 27 Mar, 2012 06:00 AM
Heya Fredrik,
What version of rails are you using?
Cheers
Stu
10 Posted by Fredrik Björk on 27 Mar, 2012 02:53 PM
3.1.4
Support Staff 11 Posted by Herb on 29 Mar, 2012 12:13 AM
Hey Frederik,
are you sure Airbrake is responsible?
Can you confirm that param is not filtered in your server logs?
Thanks
Herb
12 Posted by Fredrik Björk on 29 Mar, 2012 12:34 AM
We use Airbrake on Heroku. Are you saying their server logs would somehow filter certain values?
Support Staff 13 Posted by Herb on 29 Mar, 2012 04:55 PM
If this key isn't in
Airbrake.configuration.params_filters, filtering by our gem - which occurs here doesn't happen for this key.I'm guessing your key is already filtered by your app. Are you using Devise? Maybe it has something to do with their filtering strategy?
I wanted you to confirm that the params are not filtered before you raise the exception in your controller, can you do it locally?
Thanks
14 Posted by Fredrik Björk on 29 Mar, 2012 07:20 PM
irb(main):001:0> Airbrake.configuration.params_filters
=> ["password", "password_confirmation"]
We're using Clearance in our app. What else could it be causing some values to get filtered?
Support Staff 15 Posted by Herb on 29 Mar, 2012 10:07 PM
Maybe, check this out. What's the output of
Rails.application.config.filter_parameters?16 Posted by Fredrik Björk on 29 Mar, 2012 10:34 PM
irb(main):001:0> Rails.application.config.filter_parameters
=> [:password, :token, :password]
17 Posted by Fredrik Björk on 25 Apr, 2012 12:52 AM
Is Aibrake using a regexp to determine these values? i.e would remember_token get filtered by the :token in filter_parameters?
Support Staff 18 Posted by Herb on 25 Apr, 2012 10:36 AM
Hey again Fredrik. Sorry for not updating sooner. Yeah, we were using
include?to determine params filtering.I've just pushed a fix for this.
Thanks for reporting.
19 Posted by Fredrik Björk on 05 Jun, 2012 09:39 PM
After upgrading to the latest version of Airbrake (3.1.0) remember_token is filtered again. Bug got introduced again?
20 Posted by Fredrik Björk on 18 Jun, 2012 04:22 PM
Anyone have a fix for this? We really need the remember_token value to track down bugs.
Support Staff 21 Posted by Morgan on 18 Jun, 2012 04:49 PM
Hello Fredrik,
I have sent a reminder to the development team to look into this issue for you.
I will keep an eye on this ticket and check in with any updates I get about the remember_token.
From,
Morgan
Support Staff 22 Posted by Morgan on 19 Jun, 2012 04:24 PM
Hello Fredrick,
I have Just pushed this ticket up to high priority and Emailed Herb to look into this issue again. Sorry about the delay on a solution so far. I will keep you updated regularly.
Please let me know if you need anything!
From,
Morgan
Support Staff 23 Posted by Herb on 20 Jun, 2012 02:05 PM
Hey Fredrik!
The exact same scenario is happening again? I'm having a hard time replicating this. Notice is responsible for filtering parameters and the method I've fixed hasn't been changed. The tests I've added for this are also passing. I've even tried to reproduce it inside a fresh rails application with the filtering options you've set.
Can you please give us more info?
Sorry for the hassle!
Herb
24 Posted by Fredrik Björk on 20 Jun, 2012 02:08 PM
Hi,
here's an example: https://banjo.airbrake.io/errors/51285511
We're using the latest gem. What other information are you looking for?
Support Staff 25 Posted by Herb on 22 Jun, 2012 12:05 AM
Hello again Fredrik!
I know it took me some time to provide a solution but I'm happy to announce that I have the workaround for your unusual bug.
As we have suspected, it's not the Airbrake gem issue. It's actually an issue related to Clearance filtering strategies.
Let me explain...
You can see here that Clearance delegates filtering to Rails. Rails uses regex matching to determine whether your parameter should be filtered or not. So
remember_tokenis matched with/token/and therefore your parameter gets hidden. We have an independent filtering strategy which doesn't match the keys with regex any more.Removing the
tokenfromfilter_parametersin theapplication.rbdoes not help, unfortunately, because Clearance uses initializer hook to set it up again (defaults to[:password,:token]).You have to use
after_initializehook to fix this.Add this to your
application.rb:You could also monkeypatch the
ActionDispatch::Http::ParameterFilter#compiled_filterto not use regex but I think this is more simple.Herb
Morgan closed this discussion on 04 Oct, 2012 12:55 AM.