Always remove XSRF-TOKEN cookie value before sending to Sentry (#920)

stayallive · web-flow · commit f987314955bb · 2024-07-15T19:18:52.000+02:00
diff --git a/src/Sentry/Laravel/Http/LaravelRequestFetcher.php b/src/Sentry/Laravel/Http/LaravelRequestFetcher.php
@@ -40,7 +40,7 @@ public function fetchRequest(): ?ServerRequestInterface
         $cookies = new Collection($request->getCookieParams());
 
         // We need to filter out the cookies that are not allowed to be sent to Sentry because they are very sensitive
-        $forbiddenCookies = [config('session.cookie'), 'remember_*'];
+        $forbiddenCookies = [config('session.cookie'), 'remember_*', 'XSRF-TOKEN'];
 
         return $request->withCookieParams(
             $cookies->map(function ($value, string $key) use ($forbiddenCookies) {
