What does [Filtered] mean in the ADDITIONAL DATA?


#1

Hi,

I am sending some additional data with my exceptions but some params show [Filtered] instead of sent data:

What does it mean? Why does Sentry filter those fields? Is there a way to show the original data instead of [Filtered] in ADDITIONAL DATA?

Thank you for answers.

Eda


#2

@edariedl – this is a result of server-side filtering, which you can disable/customize in your Project Settings.

The TL;DR is that Sentry looks for potentially sensitive values (e.g. credit cards, social security numbers, things that look like API keys, etc.) and removes everything. To be on the safe side, it is particularly aggressive by default.


#3

@benvinegar some additional feedback: I find this scrubbing to be too aggressive so have needed to disable it. It has otherwise been interfering with my ability to troubleshoot problems. I would have been OK to start selectively removing some default rules, but those don’t seem to be exposed to me to see? i.e. it seems to give you a choice of “Either use our default options, or start from a blank slate yourself”, right? Or can I assume that the list on the documentation page is complete and accurate?


#4

@benvinegar thank you. As @rarkins wrote, it would help a lot if it could be more configurable. At this point I am not sure how it will work if I turn off the server-side filtering, but I want the Authorization header to still be filtered.

Is there a way to say that the Authorization header should always be filtered, but data in the params should always be visible unless it is said otherwise by some setting, e.g. filtered params in the Sentry raven library?


#5

> I find this scrubbing to be too aggressive so have needed to disable it.

It is intentionally designed to be “better safe than sorry” by default for new organizations.

> i.e. it seems to give you a choice of “Either use our default options, or start from a blank slate yourself”, right?

Yes. There’s also a third choice: “use the default options and additionally specify more fields to be scrubbed”.

> Or can I assume that the list on the documentation page is complete and accurate?

I believe so. You can also see what the scrubber handles in the source code.


I think one option that we might explore in the future is, instead of clobbering the entire value/key, we just strip the substring.


#6

Every Sentry client library has a means of performing self-filtering. I recommend taking a look at your client docs – you should be able to configure it to do what you’re asking.


#7

Do you have any idea why Sentry is filtering my message: “Authenticating user123”? I was using the example from the docs to play with breadcrumbs. If I turn off Data Scrubber in project settings it works, but I don’t want to remove this feature.

I have read the source code and it seems that the message is untouched until it is sent, so where does it get filtered? Can I do anything about it?


#8

The string “auth” would be triggering the filter I’m pretty sure. If you’re able to provide the actual JSON payload I can confirm that.
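
An added example, not part of the original thread and not Sentry's scrubber code: a client-side filter of the kind post #6 recommends, which always replaces the Authorization header by exact key name and leaves params and messages intact, shown next to a constructed substring rule that illustrates how a message like "Authenticating user123" can end up as [Filtered]. The key list, function names and sample event are assumptions; `before_send` here is a plain function to be wired into whatever pre-send hook your client library documents.

```python
FILTERED = "[Filtered]"
# Assumption: names this project always treats as sensitive (compared lowercase).
SENSITIVE_KEYS = {"authorization", "cookie", "x-api-key"}
# Assumption: a deliberately broad rule set, used only for contrast.
BROAD_NEEDLES = ("auth", "password", "secret")


def scrub_by_key(node):
    """Replace a value only when its key matches exactly; recurse into dicts/lists."""
    if isinstance(node, dict):
        return {k: FILTERED if str(k).lower() in SENSITIVE_KEYS else scrub_by_key(v)
                for k, v in node.items()}
    if isinstance(node, list):
        return [scrub_by_key(v) for v in node]
    return node


def scrub_by_substring(node):
    """Broad rule: clobber any key or string value that contains a needle."""
    def hit(text):
        return any(n in str(text).lower() for n in BROAD_NEEDLES)
    if isinstance(node, dict):
        return {k: FILTERED if hit(k) else scrub_by_substring(v)
                for k, v in node.items()}
    if isinstance(node, list):
        return [scrub_by_substring(v) for v in node]
    return FILTERED if isinstance(node, str) and hit(node) else node


def before_send(event, hint=None):
    """Hypothetical pre-send hook: returns a scrubbed copy, input is not mutated."""
    return scrub_by_key(event)


# Constructed sample event; not a real Sentry payload.
SAMPLE_EVENT = {
    "request": {
        "headers": {"Authorization": "Bearer constructed-token",
                    "Accept": "application/json"},
        "data": {"user_id": 42, "plan": "pro"},
    },
    "breadcrumbs": [{"category": "auth", "message": "Authenticating user123"}],
    "extra": {"author": "eda"},
}

if __name__ == "__main__":
    print("exact key match :", before_send(SAMPLE_EVENT))
    print("substring match :", scrub_by_substring(SAMPLE_EVENT))
```

Exact key matching keeps troubleshooting data readable but only protects fields you have named, so the key list needs to cover every place a credential can appear in your events.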