Updated denylist to include other widely used cookies/headers (#1972)

* Updated denylist to include other widely used cookies/headers
* Made check case insensitive

Author: antonpirker

sentry_sdk/scrubber.py

@@ -42,13 +42,27 @@
     "x_api_key",
     "x_forwarded_for",
     "x_real_ip",
+    # other common names used in the wild
+    "aiohttp_session",  # aiohttp
+    "connect.sid",  # Express
+    "csrf_token",  # Pyramid
+    "csrf",  # (this is a cookie name used in accepted answers on stack overflow)
+    "_csrf",  # Express
+    "_csrf_token",  # Bottle
+    "PHPSESSID",  # PHP
+    "_session",  # Sanic
+    "symfony",  # Symfony
+    "user_session",  # Vue
+    "_xsrf",  # Tornado
+    "XSRF-TOKEN",  # Angular, Laravel
 ]
 
 
 class EventScrubber(object):
     def __init__(self, denylist=None):
         # type: (Optional[List[str]]) -> None
         self.denylist = DEFAULT_DENYLIST if denylist is None else denylist
+        self.denylist = [x.lower() for x in self.denylist]
 
     def scrub_dict(self, d):
         # type: (Dict[str, Any]) -> None