Filtering Sensitive Data

You have complete control over what data is sent to Honeybadger. You can filter request data as well as inspect and filter all other data before it's sent to Honeybadger.

Filtering request data

Honeybadger automatically filters sensitive keys in params, cookies, and environment data. By default, we filter keys containing password or creditcard. When you add a property name to the filters config array, the values will be removed from error reports before they are sent to our servers:

json

  

{
  "submit": "Sign Up",
  "password": "[FILTERED]"
}

Here's an example of configuring additional filters (ssn in this case):

js

Honeybadger.configure({
  filters: ['password', 'creditcard', 'ssn']
});

With the above config, all keys containing ssn, password, or creditcard will be filtered from request data. Filters are case insensitive; creditcard and creditCard will both match. Filters are not applied to data sent to Honeybadger via the context feature.

Filtering other data

Honeybadger also allows you to inspect and filter all data that is sent to our servers at the time of an error using a Honeybadger.beforeNotify handler.

For example, to filter the URL of the current page when it contains a sensative param name:

javascript

  

Honeybadger.beforeNotify(function(notice) {
  if (/creditCard/.test(notice.url)) {
    notice.url = '[FILTERED]';
  }
});

To filter keys in the context object:

javascript

  

Honeybadger.beforeNotify(function(notice) {
  Object.keys(notice.context).forEach(function(key) {
    if (/creditCard/.test(key)) {
      notice.context[key] = '[FILTERED]';
    }
  });
});

The following notice properties are available in notice objects:

notice.stack - The stack trace (read only)
notice.backtrace - The parsed backtrace object
notice.name - The exception class name
notice.message - The error message
notice.url - The current url
notice.projectRoot - The root url
notice.environment - Name of the environment. example: "production"
notice.component - Similar to a rails controller name. example: "users"
notice.action - Similar to a rails action name. example: "create"
notice.fingerprint - A unique fingerprint, used to customize grouping of errors in Honeybadger
notice.context - The context object
notice.tags - A string comma-separated list of tags
notice.params - An object of request parameters
notice.session - An object of request session key/values
notice.headers - An object of request headers
notice.cookies - An object of cookie key/values. May also be sent as a string in the document.cookie "foo=bar;bar=baz" format.

The following additional notice properties are available in afterNotify handlers:

notice.id - The UUID of the error in Honeybadger