We just released AppSignal for Elixir package version 1.6.0 1.6.3 which allows filtering of more data and adds a "revision" config option for APP_REVISION!
Shipped today with the Elixir package is also a Ruby gem release containing many of the same enhancements.
Request headers list
With this release it's possible to specify which HTTP request headers AppSignal stores on transactions and sends to the AppSignal servers. This feature was added in light of the new General Data Protection Regulation (GDPR).
Which request headers to process is determined through the request_headers whitelist option. If unset, it falls back to a collection of headers that don't contain personal data. This means headers such as REMOTE_ADDR, REFERER and a few more will not be sent to AppSignal. When upgrading from Ruby gem 2.5 and earlier, you'll notice that newly added samples won't contain these headers containing potential personal data unless you specify otherwise.
Here's an example with our Elixir package 1.6 defaults:
1# config/appsignal.exs
2config :appsignal, :config,
3 request_headers: ~w(
4 accept accept-charset accept-encoding accept-language cache-control
5 connection content-length path-info range request-method
6 request-uri server-name server-port server-protocol
7 )
Or when using environment variables for configuration:
1export APPSIGNAL_REQUEST_HEADERS=HTTP_ACCEPT,HTTP_ACCEPT_CHARSET,HTTP_ACCEPT_ENCODING,HTTP_ACCEPT_LANGUAGE,HTTP_CACHE_CONTROL,HTTP_CONNECTION,CONTENT_LENGTH,PATH_INFO,HTTP_RANGE,REQUEST_METHOD,REQUEST_URI,SERVER_NAME,SERVER_PORT,SERVER_PROTOCOLFilter session data
It was always possible to filter parameter values, but not session data. Thanks to @dwilkins this is now possible!
Using the filter_session_data config option it's possible to specify which session data keys should be filtered out and replaced with [FILTERED] instead. Use this option to make sure you're not sending any sensitive or personal data to our servers.
1# config/appsignal.exs
2config :appsignal, :config,
3 filter_session_data: ["name", "email", "api_token", "token"]Or when using environment variables for configuration:
1export APPSIGNAL_FILTER_SESSION_DATA=name,email,api_token,tokenRevision config option
We've supported the APP_REVISION environment variable for a while to notify AppSignal of new deploys. This variable sets the app revision at runtime. The main advantage is that it's possible to report multiple revisions at the same time from different hosts, such as during a deploy or when another host doesn't have to be deployed.
In this version we've added support for a configuration option for it in appsignal.exs. This means the APP_REVISION environment variable is no longer a requirement to use this method, but instead all your configuration can exist in the same config file.
For more information about deploy markers and the revision config option, see our documentation page about deploy markers.
Other improvements
- Relax :httpoison dependency to allow ~> 1.0
- Demonitor processes when the transaction completes
- Log with :info level instead of :warn when AppSignal is disabled
- Fix empty action name issue
Please see the changelog for more details about these improvements, deprecations and other changes. And as always: get in touch if you encounter problems after upgrading. We're happy to help!
Image credit: MPD01605 CC BY-SA 2.0 via WikiMedia Commons
