Product
Introducing SSO
Streamline your login process and enhance security by enabling Single Sign-On (SSO) on the Socket platform, now available for all customers on the Enterprise plan, supporting 20+ identity providers.
@openreplay/tracker-axios
Advanced tools
Readme
Tracker plugin to support tracking of the Axios requests.
npm i @openreplay/tracker-axios
Initialize the @openreplay/tracker
package as usual and load the plugin into it.
import Tracker from '@openreplay/tracker';
import trackerAxios from '@openreplay/tracker-axios';
const tracker = new Tracker({
projectKey: YOUR_PROJECT_KEY,
});
tracker.start();
tracker.use(trackerAxios({ /* options here*/ }));
Options:
{
instance: AxiosInstance; // default: axios
failuresOnly: boolean; // default: false
captureWhen: (AxiosRequestConfig) => boolean; // default: () => true
sessionTokenHeader: string; // default: undefined
ignoreHeaders: Array<string> | boolean, // default [ 'Cookie', 'Set-Cookie', 'Authorization' ]
sanitiser: (RequestResponseData) => RequestResponseData | null, // default: undefined
}
By default plugin connects to the static axios
instance, but you can specify one with the instance
option.
Set failuresOnly
option to true
if you want to record only failed requests, when the axios' promise is rejected. You can also regulate axios failing behaviour with the validateStatus
option.
captureWhen
parameter allows you to set a filter on request should be captured. The function will be called with the axios config object and expected to return true
or false
.
In case you use OpenReplay integrations (sentry, bugsnag or others), you can use sessionTokenHeader
option to specify the header name. This header will be appended automatically to the each axios request and will contain OpenReplay session identificator value.
You can define list of headers that you don't want to capture with the ignoreHeaders
options. Set its value to false
if you want to catch them all (true
if opposite). By default plugin ignores the list of headers that might be sensetive such as [ 'Cookie', 'Set-Cookie', 'Authorization' ]
.
Sanitise sensitive data from fetch request/response or ignore request comletely with sanitiser
. You can redact fields on the request object by modifying then returning it from the function:
interface RequestData {
body: BodyInit | null | undefined; // whatewer you've put in the init.body in fetch(url, init)
headers: Record<string, string>;
}
interface ResponseData {
body: string | Object | null; // Object if response is of JSON type
headers: Record<string, string>;
}
interface RequestResponseData {
readonly status: number;
readonly method: string;
url: string;
request: RequestData;
response: ResponseData;
}
sanitiser: (data: RequestResponseData) => { // sanitise the body or headers
if (data.url === "/auth") {
data.request.body = null
}
if (data.request.headers['x-auth-token']) { // can also use ignoreHeaders option instead
data.request.headers['x-auth-token'] = 'SANITISED';
}
// Sanitise response
if (data.status < 400 && data.response.body.token) {
data.response.body.token = "<TOKEN>"
}
return data
}
// OR
sanitiser: data => { // ignore requests that start with /secure
if (data.url.startsWith("/secure")) {
return null
}
return data
}
// OR
sanitiser: data => { // sanitise request url: replace all numbers
data.url = data.url.replace(/\d/g, "*")
return data
}
FAQs
Tracker plugin for axios requests recording
The npm package @openreplay/tracker-axios receives a total of 1,516 weekly downloads. As such, @openreplay/tracker-axios popularity was classified as popular.
We found that @openreplay/tracker-axios demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Streamline your login process and enhance security by enabling Single Sign-On (SSO) on the Socket platform, now available for all customers on the Enterprise plan, supporting 20+ identity providers.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.