Hide sensitive information from out going requests?

[FrancisMawn]

Hi,

We have the ability to hide sensitive information for in coming requests using the hideRequestParameters static method on the Telescope class which is great!

I was wondering if the same concept could be applied for requests going out of the application (those made through the http client).

Right now, I have a use case where user credentials are being sent from my application to an external IDP and I don't see any ways to hide that info from the Telescope logs.

Thank you for that great product btw.

[driesvints]

Hey there. You mean the ClientRequestWatcher? Because it already hides parameters you define:

https://github.com/laravel/telescope/blob/4.x/src/Watchers/ClientRequestWatcher.php#L157

[FrancisMawn]

Oh wow, I'm sorry. I used the original Telescope service provider which had the logic bypassed for local environments... 🤦‍♂️

It worked once I commented out that code. I guess what mislead me was the fact that in other places, the password attribute would still be hidden even on a local environment. I assume Telescope will always hide the password attribute no matter what?

Anyway thanks for your help!

/**
 * Prevent sensitive request details from being logged by Telescope.
 */
protected function hideSensitiveRequestDetails(): void
{
    // if ($this->app->environment('local')) {
    //     return;
    // }

    Telescope::hideRequestParameters(['_token', 'password', 'credentials']);

    Telescope::hideRequestHeaders([
        'cookie',
        'x-csrf-token',
        'x-xsrf-token',
    ]);
}

[driesvints]

@FrancisMawn glad you got that sorted :)

password is indeed hidden by default: https://github.com/laravel/telescope/blob/4.x/src/Telescope.php#L91