How to censor sensitive information in requests to Flare

When an exception occurs in a web request, the Flare client will pass on all request fields that are present in the body.

In some cases, such as a login page, these request fields may contain a password that you don't want to send to Flare. By default, Flare will replace the value any fields that are named "password" with "<CENSORED>".

You can censor values of additional fields. If you use Laravel, you can put the names of those fields in the reporting.censor_request_body_fields key of the flare config file.

// config/flare.php

return [
    // ...
    
    'reporting' => [
        // ...
       'censor_request_body_fields' => ['password', 'other_field'],
    ]   
]

In non-Laravel PHP projects you can use call censorRequestBodyFields on the Flare client. You should pass it the names of the fields you wish to censor.

// Where you registered your client...
$flare = Flare::register('YOUR-FLARE-API-KEY')
	->registerFlareHandlers();

$flare->censorRequestBodyFields('password');

This will replace the value of any sent fields named "password" with the value "<CENSORED>".

You can see other improvements we recently made on our changelog. Do you have an idea to improve Flare? Let us know!