Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@openreplay/tracker-axios

Package Overview
Dependencies
Maintainers
4
Versions
14
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@openreplay/tracker-axios

Tracker plugin for axios requests recording

  • 3.6.0-beta.0
  • npm
  • Socket score

Version published
Weekly downloads
1.4K
increased by32.82%
Maintainers
4
Weekly downloads
 
Created
Source

OpenReplay Tracker Axios plugin

Tracker plugin to support tracking of the Axios requests.

Installation

npm i @openreplay/tracker-axios

Usage

Initialize the @openreplay/tracker package as usual and load the plugin into it.

import Tracker from '@openreplay/tracker';
import trackerAxios from '@openreplay/tracker-axios';

const tracker = new Tracker({
  projectKey: YOUR_PROJECT_KEY,
});
tracker.start();

tracker.use(trackerAxios({ /* options here*/ }));

Options:

{
	instance: AxiosInstance;                       // default: axios
  failuresOnly: boolean;                         // default: false
  captureWhen: (AxiosRequestConfig) => boolean;  // default: () => true
  sessionTokenHeader: string;                    // default: undefined
  ignoreHeaders: Array<string> | boolean,        // default [ 'Cookie', 'Set-Cookie', 'Authorization' ]
  sanitiser: (RequestResponseData) => RequestResponseData | null, // default: undefined

}

By default plugin connects to the static axios instance, but you can specify one with the instance option.

Set failuresOnly option to true if you want to record only failed requests, when the axios' promise is rejected. You can also regulate axios failing behaviour with the validateStatus option.

captureWhen parameter allows you to set a filter on request should be captured. The function will be called with the axios config object and expected to return true or false.

In case you use OpenReplay integrations (sentry, bugsnag or others), you can use sessionTokenHeader option to specify the header name. This header will be appended automatically to the each axios request and will contain OpenReplay session identificator value.

You can define list of headers that you don't want to capture with the ignoreHeaders options. Set its value to false if you want to catch them all (true if opposite). By default plugin ignores the list of headers that might be sensetive such as [ 'Cookie', 'Set-Cookie', 'Authorization' ].

Sanitise sensitive data from fetch request/response or ignore request comletely with sanitiser. You can redact fields on the request object by modifying then returning it from the function:

interface RequestData {
  body: BodyInit | null | undefined; // whatewer you've put in the init.body in fetch(url, init)
  headers: Record<string, string>;
}

interface ResponseData {
  body: string | Object | null;  // Object if response is of JSON type
  headers: Record<string, string>;
}

interface RequestResponseData {
  readonly status: number;
  readonly method: string;
  url: string;
  request: RequestData;
  response: ResponseData;
}

sanitiser: (data: RequestResponseData) => { // sanitise the body or headers
  if (data.url === "/auth") {
    data.request.body = null
  }

  if (data.request.headers['x-auth-token']) { // can also use ignoreHeaders option instead
    data.request.headers['x-auth-token'] = 'SANITISED';
  }

  // Sanitise response
  if (data.status < 400 && data.response.body.token) {
    data.response.body.token = "<TOKEN>"  
  }

  return data
}

// OR

sanitiser: data => { // ignore requests that start with /secure
  if (data.url.startsWith("/secure")) {
    return null
  }
  return data
}

// OR

sanitiser: data => { // sanitise request url: replace all numbers
  data.url = data.url.replace(/\d/g, "*")
  return data
}

Keywords

FAQs

Package last updated on 26 Aug 2022

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc