docs: har reference guide (#3900)

2022-08-26 13:50:51 +10:00 · 2022-08-26 13:50:51 +10:00 · aad43d4acc
parent a8849f1b9e
commit aad43d4acc
2 changed files with 100 additions and 0 deletions
--- a/docs/content/en/reference/guides/domain-sanitizaiton.md
+++ b/docs/content/en/reference/guides/domain-sanitizaiton.md
@ -0,0 +1,30 @@
+---
+title: "Domain Sanitization"
+description: "This guide describes and helps users sanitize provided files to hide their domain"
+lead: "This guide describes and helps users sanitize provided files to hide their domain."
+date: 2022-06-20T10:05:55+10:00
+draft: false
+images: []
+menu:
+  reference:
+    parent: "guides"
+weight: 220
+toc: true
+---
+
+Some users may wish to hide their domain in files provided during troubleshooting. While this is discouraged, if a user
+decides to perform this action it's critical for these purposes that you hide your domain in a very specific
+way. Most editors allow replacing all instances of a value, utilizing this is essential to making troubleshooting
+possible.
+
+## General Rule
+
+Only replace the purchased portion of domains. For example if you have `auth.abc123.com` and `app.abc123.com` they
+should become `auth.example.com` and `app.example.com`, i.e. replace all instances of `abc123.com` with `example.com`.
+
+## Multiple Domains
+
+*__Replacement Value:__* `example#.com` (where `#` is a unique number per domain)
+
+In instances where there are multiple domains it's recommended these domains are replaced with `example1.com`,
+`example2.com`, etc.
--- a/docs/content/en/reference/guides/http-archive-file.md
+++ b/docs/content/en/reference/guides/http-archive-file.md
@ -0,0 +1,70 @@
+---
+title: "HTTP Archive Files"
+description: "This guide describes and helps users create HTTP Archive (HAR) files"
+lead: "This guide describes and helps users create HTTP Archive (HAR) files."
+date: 2022-06-20T10:05:55+10:00
+draft: false
+images: []
+menu:
+  reference:
+    parent: "guides"
+weight: 220
+toc: true
+aliases:
+  - /r/har
+---
+
+## Introduction
+
+The HTTP Archive File Format (HAR) is a common developer import/export format which shows web requests that browsers
+make including all headers which includes cookies, forms submitted, etc.
+
+This format allows users to open the developer tools, perform several actions, and then export a file with all of the
+requests that still exist in the network tab of the developer tools. This file is stored in JSON which makes it easy to
+view what information exists before sharing it. Subsequently users may import this file on another browser and see all
+of these requests which makes it easier to debug certain situations without having to replicate an environment or be
+present in an environment.
+
+## Sanitization
+
+The following section outlines some helpful information if you wish to sanitize your HAR file to share it with others.
+
+### Domain
+
+See the dedicated [Domain Sanitization](domain-sanitizaiton.md) reference guide.
+
+### Security Sensitive Information
+
+*__Important:__ this file may contain sensitive information which should be sanitized manually before sharing it
+anywhere with anyone. Sensitive information can vary wildly but some of the key areas that may be sensitive when
+exporting this for troubleshooting with Authelia are:*
+- `Cookie` request header
+- `Set-Cookie` response header
+- Data sent to the following endpoints:
+  - `/api/firstfactor`: username / password
+  - `/api/*/identity/start`: the token query parameter
+  - `/api/secondfactor/*`: the post data
+
+## Instructions
+
+The following are instructions on how to perform valuable HAR exports. The instructions for Chrome / Chromium should be
+applicable in all Chromium based browsers, and likewise for Firefox based browsers.
+
+1. Open your browser.
+2. Open a blank tab.
+3. Press Ctrl + Shift + I to open the browser Developer Tools.
+4. Open the `Network` tab.
+5. Ensure the browser persists logs:
+   1. Firefox:
+      1. Select the `Network Settings` cog symbol at the top right of the `Network` tab.
+      2. Ensure `Persist Logs` is checked.
+   2. Chrome / Chromium:
+      1. Ensure `Preserve logs` in the top left of the `Network` tab is checked.
+6. Perform your intended requests, or the requests that have been requested.
+7. Export the HAR File:
+   1. Firefox:
+      1. Select the `Network Settings` cog symbol at the top right of the `Network` tab.
+      2. Select `Save All AS HAR`.
+   2. Chrome / Chromium:
+      1. Right click any request in the `Network` tab.
+      2. Select `Save all as HAR with content` at the bottom of the dialogue.