Censoring collected data
The Flare client collects a large amount of data within your application. You can configure this by configuring the Flare client in the flare.php
config file.
We've initialised the config with the Flare defaults, but you can mix and match your own config.
Anonymising IPs
By default, the Flare client collects information about the IP address of your application users. If you want to disable this information, you can set the censor.client_ips
option to true:
'censor' => [
'client_ips' => true,
// other config ...
],
Censoring request/response body fields
When Flare collects information about a web request or response, the Flare client passes on any request/response fields present in the body.
Sometimes, such as on a login page, these request fields may contain a password you don't want to send to Flare.
To censor out values of specific fields, you can set the censor.body_fields
config value. You should provide the names of the fields you wish to censor.
'censor' => [
'body_fields' => [
'password',
'password_confirmation',
],
// other config ...
]
This will replace the value of any body fields named "password" with the value "<CENSORED>".
By default, Flare will censor the password and password_confirmation fields.
Censoring request/response headers
When Flare collects information about a web request or response, the Flare client passes on any request/response headers present.
Just like with the body fields, these headers can be censored. You can do this setting censor.headers
in the Flare config:
'censor' => [
'headers' => [
'API-KEY',
'Authorisation',
'Cookie',
'Set-Cookie',
'X-CSRF-TOKEN',
'X-XSRF-TOKEN',
],
// other config ...
],
When doing so, the value of the headers will be changed to "<CENSORED>" when sent to Flare.
By default, Flare will censor the following headers:
- API-KEY
- Authorisation
- Cookie
- Set-Cookie
- X-CSRF-TOKEN
- X-XSRF-TOKEN
Censoring user data
When a user logs in to your Laravel application and an error/trace occurs, helpful information about the user is sent to Flare.
By default, the following will be sent:
- id
- name
- when the user model has a
toFlare
method, the data that method returns
When you don't want to send any user data, you can set the EmptyUserAttributesProvider
as the user attribute provider in the Flare config:
use Spatie\FlareClient\AttributesProviders\EmptyUserAttributesProvider;
'attribute_providers' => [
'user' => EmptyUserAttributesProvider::class,
// Other attribute providers ...
],