Tracking request parameters #51

Closed
cbl opened this issue May 4, 2021 · 4 comments · Fixed by #52

Comments

@cbl
Contributor

cbl commented May 4, 2021

Hi, everyone! I wondered if there is a reason why the request parameters are not logged. This can be very useful in some cases. (Would do a PR if this would be accepted)

@Cannonb4ll
Contributor

Mainly because of sensitive data, which we do not want to be responsible for, landing in our database.

If you have a way to filter out all the sensitive data the PR is more than welcome.

@cbl
Contributor Author

cbl commented May 4, 2021

Aren't headers sensitive in the same way? 🤔

I think a good way to filter sensitive data within request parameters is to filter parameters whose name contains words like password, pw, pwd, ... and also give the user the option to filter additional parameters.

Same thing with headers (if this is not the case already), headers like Authorization and other known token headers should be filtered by default with the option to filter additional headers.

@Cannonb4ll
Contributor

They certainly are, but it is less common for them to contain user data that gets sent over.

That being said, you could recycle the blacklist so the user has control over this; this list is being used when receiving headers.

Config:
https://github.com/LaraBug/LaraBug/blob/master/config/larabug.php#L88

Function to filter:

public function filterVariables($variables)

A PR is welcome for this 😎

@cbl
Contributor Author

cbl commented May 4, 2021

Will create a PR when I find the time, I could have needed this in a few cases for debugging already 😅
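
The name-based filtering proposed in this thread, as an added example that is not part of the issue or of LaraBug's code: keys of request parameters or headers are matched case-insensitively against a default word list plus user-supplied additions, and matching values are masked before anything is stored. The function names, the default list and the sample data are assumptions made for illustration.

```php
<?php
// Hypothetical default word list; not LaraBug's shipped blacklist.
const DEFAULT_SENSITIVE = ['password', 'passwd', 'pwd', 'pw', 'secret',
                           'token', 'authorization', 'cookie'];

// Lower-case and drop separators so "X-Api-Key", "api_key" and "apiKey" compare equal.
function normaliseName(string $name): string
{
    return strtolower((string) preg_replace('/[^A-Za-z0-9]/', '', $name));
}

/**
 * Recursively mask every value whose key contains a blacklisted word.
 * Hypothetical helper, not the project's filterVariables().
 */
function redactSensitive(array $data, array $extra = [], string $mask = '***'): array
{
    $needles = array_filter(
        array_map('normaliseName', array_merge(DEFAULT_SENSITIVE, $extra)),
        'strlen'
    );
    $out = [];
    foreach ($data as $key => $value) {
        $name = normaliseName((string) $key);
        $hit = false;
        foreach ($needles as $needle) {
            if (strpos($name, $needle) !== false) {
                $hit = true;
                break;
            }
        }
        if ($hit) {
            $out[$key] = $mask; // masks the whole subtree, so array-valued headers are covered
        } elseif (is_array($value)) {
            $out[$key] = redactSensitive($value, $extra, $mask); // e.g. user[new_pwd]
        } else {
            $out[$key] = $value;
        }
    }
    return $out;
}

// Constructed sample request, for illustration only.
$params  = ['email' => 'a@example.test', 'Password' => 'hunter2',
            'user' => ['name' => 'Ann', 'new_pwd' => 'x', 'card' => ['number' => '4111']]];
$headers = ['Authorization' => 'Bearer abc', 'X-Api-Key' => 'k', 'Accept' => '*/*'];

print_r(redactSensitive($params, ['card']));     // user-supplied extra: "card"
print_r(redactSensitive($headers, ['api_key'])); // user-supplied extra: "api_key"
```

Substring matching errs toward over-redaction (a key such as `upward` contains `pw`), which is the safer failure for data that leaves the application.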
