This module adds Sentry context metadata during the request in a Plug application. It includes defaults for scrubbing sensitive data, and options for customizing it by default.

It is intended for usage with Sentry.PlugCapture as metadata added here will appear in events captured.

sending-post-body-params

Sending Post Body Params

In order to send post body parameters you should first scrub them of sensitive information. By default, they will be scrubbed with Sentry.Plug.default_body_scrubber/1. It can be overridden by passing the body_scrubber option, which accepts a Plug.Conn and returns a map to send. Setting :body_scrubber to nil will not send any data back. If you would like to make use of Sentry's default scrubber behavior in a custom scrubber, it can be called directly. An example configuration may look like the following:

def scrub_params(conn) do
  # Makes use of the default body_scrubber to avoid sending password
  # and credit card information in plain text.  To also prevent sending
  # our sensitive "my_secret_field" and "other_sensitive_data" fields,
  # we simply drop those keys.
  Sentry.PlugContext.default_body_scrubber(conn)
  |> Map.drop(["my_secret_field", "other_sensitive_data"])
end

Then pass it into Sentry.Plug:

plug Sentry.PlugContext, body_scrubber: &MyModule.scrub_params/1

You can also pass it in as a {module, fun} like so:

plug Sentry.PlugContext, body_scrubber: {MyModule, :scrub_params}

Please Note: If you are sending large files you will want to scrub them out.

headers-scrubber

Headers Scrubber

By default Sentry will scrub Authorization and Authentication headers from all requests before sending them. It can be configured similarly to the body params scrubber, but is configured with the :header_scrubber key.

def scrub_headers(conn) do
  # default is: Sentry.Plug.default_header_scrubber(conn)
  #
  # We do not want to include Content-Type or User-Agent in reported
  # headers, so we drop them.
  Enum.into(conn.req_headers, %{})
  |> Map.drop(["content-type", "user-agent"])
end

Then pass it into Sentry.Plug:

plug Sentry.PlugContext, header_scrubber: &MyModule.scrub_headers/1

It can also be passed in as a {module, fun} like so:

plug Sentry.PlugContext, header_scrubber: {MyModule, :scrub_headers}

cookie-scrubber

Cookie Scrubber

By default Sentry will scrub all cookies before sending events. It can be configured similarly to the headers scrubber, but is configured with the :cookie_scrubber key.

To configure scrubbing, we can set all configuration keys:

plug Sentry.PlugContext, header_scrubber: &MyModule.scrub_headers/1, body_scrubber: &MyModule.scrub_params/1, cookie_scrubber: &MyModule.scrub_cookies/1

including-request-identifiers

Including Request Identifiers

If you're using Phoenix, Plug.RequestId, or another method to set a request ID response header, and would like to include that information with errors reported by Sentry.PlugContext, the :request_id_header option allows you to set which header key Sentry should check. It will default to "x-request-id", which Plug.RequestId (and therefore Phoenix) also default to.

plug Sentry.PlugContext, request_id_header: "application-request-id"

remote-address-reader

Remote Address Reader

Sentry.PlugContext includes a request's originating IP address under the REMOTE_ADDR Environment key in Sentry. By default it is read from the x-forwarded-for HTTP header, and if this header is not present, it is read from conn.remote_ip.

If you wish to read this value differently (e.g. from a different HTTP header), or modify it in some other way (e.g. by masking it), you can configure this behavior by passing the :remote_address_reader option:

plug Sentry.PlugContext, remote_address_reader: &MyModule.read_ip/1