Sentry-javascript: "Additional data" displays [Filtered], replaced by PII rule creditcard:filter

Created on 24 Feb 2020 · 3Comments · Source: getsentry/sentry-javascript

[x] Review the documentation: https://docs.sentry.io/
[x] Search for existing issues: https://github.com/getsentry/sentry-javascript/issues
[x] Use the latest release: https://github.com/getsentry/sentry-javascript/releases
[ ] Provide a link to the affected event from your Sentry account

Package + Version

[x] @sentry/browser
[ ] @sentry/node
[ ] raven-js
[ ] raven-node _(raven for node)_
[ ] other:

Version:

5.12.1

Description

I'm trying to integrate fullstory with sentry by sending fullstory session url to sentry as additional data, like below:

  /**
   * https://help.fullstory.com/hc/en-us/articles/360020828073-FS-getCurrentSessionURL-Retrieving-a-session-URL-at-time-of-recording
   * https://help.fullstory.com/hc/en-us/articles/360020624234-Roll-Your-Own-Integration
   */
  // eslint-disable-next-line no-underscore-dangle
  window._fs_ready = () => {
    Sentry.configureScope((scope) => {
      scope.setExtra('fullstoryUrl', window.FS.getCurrentSessionURL());
    });
  };

In the sentry web application, the fullstoryUrl appears but has filtered out some parts by PII creditcard:filter rule, like below:

Zrzut ekranu 2020-02-24 o 16 54 40

fullstoryUrl looks like that:

https://app.fullstory.com/ui/<accountId>/session/5472936014675968%3A4548674178482176"

It seems that sentry recognize this part

as credit card number...

Is there any way to disable these filtering rules or maybe should I somehow send that url by using different method?

Needs Triage

Source

hinok

Most helpful comment

Please add fullstoryUrl to your Safe Fields in your project settings. More information about server-side scrubbing can be found at https://docs.sentry.io/data-management/sensitive-data/#server-side-scrubbing.