fix: also hide proxy-authorization

As recommended by robjtede
Nathan Shaaban 2023-02-26 20:35:55 +00:00
parent 9482d2972a
commit 199aa5a40e
2 changed files with 6 additions and 5 deletions


@ -10,7 +10,7 @@
### Fixed
- Add `Allow` header to `Resource`'s default responses when no routes are matched. [#2949]
- Hide `Authorization` header in `HttpRequest` Debug output
- Hide `Authorization` and `Proxy-Authorization` header in `HttpRequest` Debug output
[#1961]: https://github.com/actix/actix-web/pull/1961
[#2265]: https://github.com/actix/actix-web/pull/2265


@ -446,10 +446,11 @@ impl fmt::Debug for HttpRequest {
writeln!(f, " headers:")?;
for (key, val) in self.headers().iter() {
// Hide sensitive header from debug output
if key != http::header::AUTHORIZATION {
writeln!(f, " {:?}: {:?}", key, val)?;
} else {
writeln!(f, " {:?}: {:?}", key, "*redacted*")?;
match key {
&http::header::AUTHORIZATION | &http::header::PROXY_AUTHORIZATION => {
writeln!(f, " {:?}: {:?}", key, "*redacted*")?
}
_ => writeln!(f, " {:?}: {:?}", key, val)?,
}
}
Ok(())
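Review bot: The redaction arm in the new `match key` covers only `Authorization` and `Proxy-Authorization`, so `Cookie` values still reach the Debug output through the `_` arm and can put session tokens into logs. Extending the pattern would close that gap: `&http::header::AUTHORIZATION | &http::header::PROXY_AUTHORIZATION | &http::header::COOKIE => {`. Application-specific credential headers (API-key style) cannot be known here, so a short comment such as `// only standard credential headers are redacted; custom secret headers are printed as-is` would tell callers not to treat this output as safe to log. No test appears in this commit; one that formats a request carrying these headers and asserts the secret value is absent from the `{:?}` output would keep the redaction from regressing. The `fmt` body starts and ends outside the hunk.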