HAR Sanitizer: secure HAR sharing (cloudflare.com)
16 points by todsacerdoti on Oct 26, 2023 | 8 comments


There is a new feature request for Chromium to strip this information by default, so people don't have to be educated to do any action like uploading it to Cloudflare's tool!

I'm kinda missing this in the next steps defined by Cloudflare...

https://bugs.chromium.org/p/chromium/issues/detail?id=149580...


This would be attractive as a console application. But having to upload a file with sensitive information to CF to have it sanitized makes less sense.

Purpose and fit seem to be lost here.


Looks like it can be run locally ok with npm https://github.com/cloudflare/har-sanitizer


Looks like it only checks for authorization: redaction in the headers, which is great, but continues to leak the authorization header in batched HTTP calls for Google APIs.

IOW, a fine start, but one should still actually check HAR files for stanzas that are relevant to your authn/authz situation before sharing them with anyone.
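
The manual check recommended in the comment above, as an added example that is not part of the thread or of the har-sanitizer project: a Node.js scan of a HAR object for credential-bearing header lines that remain in the headers arrays or inside request and response bodies, such as a multipart batch body. The function names, the header list, the `[redacted]` marker and the sample HAR are assumptions made for this sketch.

```javascript
// Added example: find credential header lines left in HAR headers or bodies.
const SENSITIVE = /^[ \t]*(authorization|proxy-authorization|cookie|set-cookie|x-api-key)[ \t]*:[ \t]*(\S.*)$/gim;
const REDACTED = /^\[?redacted\]?$/i; // assumption: marker a sanitizer leaves behind

function scanText(text, where, index, findings) {
  if (typeof text !== "string") return;
  for (const m of text.matchAll(SENSITIVE)) {
    if (!REDACTED.test(m[2].trim())) {
      findings.push({ entry: index, where, header: m[1].toLowerCase() });
    }
  }
}

function scanHeaders(headers, where, index, findings) {
  for (const h of headers || []) {
    scanText(`${h.name}: ${h.value}`, where, index, findings);
  }
}

// Returns locations only, never the secret values themselves.
function findAuthLeaks(har) {
  const findings = [];
  (har.log?.entries || []).forEach((e, i) => {
    scanHeaders(e.request?.headers, "request.headers", i, findings);
    scanHeaders(e.response?.headers, "response.headers", i, findings);
    scanText(e.request?.postData?.text, "request.postData.text", i, findings);
    let body = e.response?.content?.text;
    if (body && e.response.content.encoding === "base64") {
      body = Buffer.from(body, "base64").toString("utf8");
    }
    scanText(body, "response.content.text", i, findings);
  });
  return findings;
}

// Constructed sample: outer header already redacted, batch body is not.
const sampleHar = { log: { entries: [{
  request: {
    headers: [{ name: "Authorization", value: "[redacted]" },
              { name: "Content-Type", value: "multipart/mixed; boundary=b1" }],
    postData: { mimeType: "multipart/mixed; boundary=b1", text:
      "--b1\r\nContent-Type: application/http\r\n\r\n" +
      "GET /example/v1/items HTTP/1.1\r\n" +
      "Authorization: Bearer CONSTRUCTED-TOKEN\r\n\r\n--b1--\r\n" },
  },
  response: { headers: [], content: { text: "" } },
}] } };

console.log(findAuthLeaks(sampleHar));
```

An empty result only means none of the listed header names were found in plain text; tokens carried in URLs, JSON fields or compressed bodies need their own checks.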


From the article

>The tool is built entirely on Cloudflare Workers, and all sanitization is done client-side which means Cloudflare never sees the full contents of the session token.


You can just deploy it to Cloudflare workers


CF schooling Okta


Thank you Cloudflare folks!



