Sunday, March 29, 2020

HAR Sanitizer in DockerHub

HAR (HTTP Archive) files are a really useful troubleshooting tool for browser developers: you can take a HAR file from an end-user or tester, load it up in the Chrome debugger, and see the request and response data in the Network panel as though you replayed the scenario yourself. This is particularly helpful in debugging 403s, 404s, and performance issues (among others).

There's a catch, though: HAR files contain sensitive information like auth headers, cookies, and other personal data. Users should not be sending these to you as a web developer, and you should not be attaching them to (say) JIRA issues.

To help with this problem, Google released an unofficial open source application called HAR Sanitizer. It allows you to upload a HAR file from which it will automatically strip well-known sensitive information (think: certain auth cookies) as well as any other fields you choose. The resulting "sanitized" HAR file is then theoretically safe to share with developers.
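To make concrete where that sensitive data sits in a HAR file, here is an added example (not HAR Sanitizer's code, and not from the original post) that redacts credential-bearing headers and the separately stored cookie lists from a HAR 1.2 structure. The header list, the `[redacted]` marker and the sample entry are assumptions constructed for illustration.

```python
import copy
import json

# Header names treated as sensitive here (an assumed list, not HAR Sanitizer's own).
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
REDACTED = "[redacted]"


def _scrub_message(msg):
    """Redact secrets in one HAR request or response object; return the hit count."""
    hits = 0
    for header in msg.get("headers", []):
        if header.get("name", "").lower() in SENSITIVE_HEADERS:
            header["value"] = REDACTED
            hits += 1
    # HAR also stores cookies pre-parsed, separately from the Cookie header.
    for cookie in msg.get("cookies", []):
        cookie["value"] = REDACTED
        hits += 1
    return hits


def sanitize_har(har):
    """Return (sanitized deep copy, number of redacted values)."""
    clean = copy.deepcopy(har)
    hits = 0
    for entry in clean.get("log", {}).get("entries", []):
        hits += _scrub_message(entry.get("request", {}))
        hits += _scrub_message(entry.get("response", {}))
    return clean, hits


# Constructed sample: one entry laid out as a browser export would be (HAR 1.2).
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {
        "method": "GET", "url": "https://app.example.test/api/me",
        "headers": [{"name": "Authorization", "value": "Bearer constructed-token"},
                    {"name": "Cookie", "value": "sid=constructed-session"},
                    {"name": "Accept", "value": "application/json"}],
        "cookies": [{"name": "sid", "value": "constructed-session"}]},
    "response": {
        "status": 403,
        "headers": [{"name": "Set-Cookie", "value": "sid=constructed-session2"},
                    {"name": "Content-Type", "value": "application/json"}],
        "cookies": [{"name": "sid", "value": "constructed-session2"}]},
}]}}

if __name__ == "__main__":
    cleaned, count = sanitize_har(SAMPLE_HAR)
    print(f"redacted {count} values")
    print(json.dumps(cleaned, indent=2))
```

Note that the same cookie appears twice per message, once in the raw header and once in the parsed `cookies` list, so scrubbing only one of them leaves the secret in the file. Query strings, POST bodies and response content can also carry tokens and are not touched by this sketch.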

If you'd like to try it out, there's a live version running on AppSpot.

That said, I'm always a little bit nervous asking my users to upload sensitive information to a third-party website, even if it does appear to be one unofficially supported by Google. What if I could get them to run HAR Sanitizer on their local machines instead?

If you happened to look at the HAR Sanitizer installation instructions on GitHub, you might have noticed they are a little complicated. Probably not something I could explain to most users.

But I DO think I can explain to most users (at least in-house users) how to run a Docker image. That's why I packaged up HAR Sanitizer and uploaded it to Docker Hub.

The image build code is here.

The image itself is here.

Let me know if you find this useful.