Always remove XSRF-TOKEN cookie value before sending to Sentry (#920)

getsentry · Jul 15, 2024 · f987314 · f987314
1 parent ad29e34
commit f987314
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/Sentry/Laravel/Http/LaravelRequestFetcher.php b/src/Sentry/Laravel/Http/LaravelRequestFetcher.php
@@ -40,7 +40,7 @@ public function fetchRequest(): ?ServerRequestInterface
         $cookies = new Collection($request->getCookieParams());
 
         // We need to filter out the cookies that are not allowed to be sent to Sentry because they are very sensitive
-        $forbiddenCookies = [config('session.cookie'), 'remember_*'];
+        $forbiddenCookies = [config('session.cookie'), 'remember_*', 'XSRF-TOKEN'];
 
         return $request->withCookieParams(
             $cookies->map(function ($value, string $key) use ($forbiddenCookies) {