From 199aa5a40ea831742517d5341f999d7f916591f4 Mon Sep 17 00:00:00 2001
From: Nathan Shaaban <86252985+nshaaban-cPacket@users.noreply.github.com>
Date: Sun, 26 Feb 2023 20:35:55 +0000
Subject: [PATCH] fix: also hide proxy-authorization

As reccomended by robjtede
---
 actix-web/CHANGES.md | 2 +-
 actix-web/src/request.rs | 9 +++++----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/actix-web/CHANGES.md b/actix-web/CHANGES.md
index 070d159b2..7be33ef4c 100644
--- a/actix-web/CHANGES.md
+++ b/actix-web/CHANGES.md
@@ -10,7 +10,7 @@
 ### Fixed
 - Add `Allow` header to `Resource`'s default responses when no routes are matched. [#2949]
-- Hide `Authorization` header in `HttpRequest` Debug output
+- Hide `Authorization` and `Proxy-Authorization` header in `HttpRequest` Debug output
 [#1961]: https://github.com/actix/actix-web/pull/1961
 [#2265]: https://github.com/actix/actix-web/pull/2265
diff --git a/actix-web/src/request.rs b/actix-web/src/request.rs
index 7c7830635..7bd265fa8 100644
--- a/actix-web/src/request.rs
+++ b/actix-web/src/request.rs
@@ -446,10 +446,11 @@ impl fmt::Debug for HttpRequest {
 writeln!(f, " headers:")?;
 for (key, val) in self.headers().iter() {
 // Hide sensitive header from debug output
- if key != http::header::AUTHORIZATION {
- writeln!(f, " {:?}: {:?}", key, val)?;
- } else {
- writeln!(f, " {:?}: {:?}", key, "*redacted*")?;
+ match key {
+ &http::header::AUTHORIZATION | &http::header::PROXY_AUTHORIZATION => {
+ writeln!(f, " {:?}: {:?}", key, "*redacted*")?
+ }
+ _ => writeln!(f, " {:?}: {:?}", key, val)?,
 }
 }
 Ok(())
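Review bot: The redaction arm in the header loop of `request.rs` covers `Authorization` and `Proxy-Authorization`, but the fallback arm still prints `Cookie` values verbatim, and a session cookie in a debug log is as much a bearer credential as the two headers now hidden. Consider extending the pattern to `&http::header::AUTHORIZATION | &http::header::PROXY_AUTHORIZATION | &http::header::COOKIE => {`. A fixed list cannot cover application-specific secret headers (API-key style headers, for example), so the comment above the match could state the limit, e.g. `// Redact standard credential headers; custom secret headers are still printed`. The enclosing `fmt` body starts and ends outside the hunk, so whether other parts of the Debug output (such as the query string) can carry credentials is not visible here.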