Home
Guides
Sign Up
Start typing to search…

Capture and Sanitize Network Data

Capture Flutter network data in LogRocket

πŸ“˜

LogRocket Flutter support is currently in Alpha

The LogRocket Flutter SDK does not automatically capture Network Requests in your application. An http client has been provided to allow making network requests, and capturing them into LogRocket.

var httpClient = LogRocketHttpClient();

await httpClient.get(Uri.https('example.com')));

await httpClient.post(
  Uri.https('example.com', 'whatsit/create'),
  body: jsonEncode({
    'key': 'value',
    'uid': 1234,
    'isTrue': true,
    'nested': {
      'child': 'value'
    },
  }),
  headers: {'Content-Type': 'application/json'}
);

The LogRocketHttpClient supports all BaseClient methods. The client will only capture bodies for Request types requests in the session, which is the default for most methods. MultipartRequests and StreamedRequests sent directly through the send method will not include request bodies in replay.

The LogRocketHttpClient can also be used to wrap other http clients. Network request and response details will be captured in LogRocket, but the requests will be executed by the underlying httpClient.

var customLrClient = LogRocketHttpClient(httpClient: CustomClient());

Sanitize Network Data

The LogRocketHttpClient includes 2 optional parameters to sanitize request and response data. When defining network sanitizers, we recommend thoroughly testing your implementations and confirming the data appears in session replay as you'd expect before releasing them to production.

var httpClient = LogRocketHttpClient(
  requestSanitizer: myRequestSanitizerFunction,
  responseSanitizer: myResponseSanitizerFunction,
)

requestSanitizer

The requestSanitizer can be used to modify the request's url, headers, method, and body values as they are captured and displayed in LogRocket. Changing these values in the request sanitizer has no effect on the actual request.

Returning null from the request sanitizer will cause the LogRocket SDK to completely ignore that request. It will not appear in any form within LogRocket.

Example:

var excludedDomains = ['https://example.com', 'https://test.com'];

var httpClient = LogRocketHttpClient(
  requestSanitizer: (request) {
    if (excludedDomains.any(url => request.url.startsWith(excludedDomain))) {
      // exclude the request from the LogRocket session
      return null;
    } else if (request.url.contains('sensitive')) {
      // capture the request without the request headers or the request bodies
      request.headers = null;
      request.body = "";
    } else {
      try {
        // remove a field from the captured request body
        Map<String, dynamic> bodyMap = jsonDecode(response.body);
        bodyMap.remove('sensitiveField');
        response.body = jsonEncode(bodyMap);
      } catch (e) {}
    }
    return request;
  }
)

responseSanitizer

The responseSanitizer can be used to modify a response's headers, status, and body values as they are captured and displayed in LogRocket. Changing these values in the response sanitizer has no effect on the actual response.

See requestSanitizer for details on how to completely exclude a request/response pair.

Example

var httpClient = LogRocketHttpClient(
  resposneSanitizer: (response) {
    // always remove a certain header
    response.headers.remove('x-api-key`)
    try {
      // remove a field from the captured response body
      Map<String, dynamic> bodyMap = jsonDecode(response.body);
      bodyMap.remove('sensitiveField');
      response.body = jsonEncode(bodyMap);
    } catch (e) {}
    return response;
  }
)

🚧

Coming soon: Automatic Network Capture