The Chrome dev team has been getting on my nerves since before they decided backspace navigation was a bad thing, among all the other crap they force on us, but for some reason Microsoft decided to join forces with them, so now I have to deal with most of these annoyances within Edge, too. The latest one wasted good 20 minutes of my time earlier today, so now I have to rant about it… even though it is a good feature!
Long story short, a while back the Export HAR functionality was updated to strip authentication-related headers by default, in hopes of preventing accidental leaks. It is a good change, as most of the time you don’t want credentials and access tokens to remain visible in the requests captured therein, so we had to manually “sanitize” the resulting HAR file. But sometimes we do want them visible, as knowing what claims were present in the token is a valuable tool for troubleshooting issues with the Graph API, for example.
The team did provide a setting to control this behavior, specifically to surface additional menu when hitting the Export HAR button. Not the approach I would’ve considered, but nobody asks me. Since this setting is related to DevTools functionality, the corresponding control is tucked under the settings for DevTools, not the generic browser settings. Herein, the Edge folks had to put their own touch, hiding the DevTools settings under the … menu, causing this undercaffeinated idiot to waste his time.
So, how do you make sure that the exported HAR files contain potentially sensitive data? If using Chrome, open DevTools, hit the gear icon in the top right corner of the DevTools dock (or press F1 while it is in focus), then under Preferences, locate the Network section and toggle the Allow to generate HAR with sensitive data checkbox. If using Edge, open DevTools and look for the … menu in the top right corner, then hit it to select Settings, or press F1 to the same effect. Then Preferences and toggle the Allow to generate HAR with sensitive data checkbox under the Network section.
Hopefully the instructions above will help someone else banging their head against the missing data in HAR files!