berkus
/
actix-web
mirror of https://github.com/fafhrd91/actix-web
1
0
Fork 0
Code Issues Releases Wiki Activity

fix changelog

This commit is contained in:
Rob Ede 2023-07-19 19:35:25 +01:00
parent bc78ceb420
commit 8f420e6f53
No known key found for this signature in database
GPG Key ID: 97C636207D3EF933
2 changed files with 13 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
actix-web/CHANGES.md
View File

@ -10,6 +10,7 @@
### Changed ### Changed
- Handler functions can now receive up to 16 extractor parameters. - Handler functions can now receive up to 16 extractor parameters.
- Hide sensitive header values in `HttpRequest`'s `Debug` output.
- Minimum supported Rust version (MSRV) is now 1.65 due to transitive `time` dependency. - Minimum supported Rust version (MSRV) is now 1.65 due to transitive `time` dependency.
## 4.3.1 - 2023-02-26 ## 4.3.1 - 2023-02-26
@ -18,11 +19,6 @@
- Add support for custom methods with the `#[route]` macro. [#2969] - Add support for custom methods with the `#[route]` macro. [#2969]
### Fixed
- Hide `Authorization` and `Proxy-Authorization` header in `HttpRequest` Debug output [#2953]
[#2953]: https://github.com/actix/actix-web/pull/2953
[#2969]: https://github.com/actix/actix-web/pull/2969 [#2969]: https://github.com/actix/actix-web/pull/2969
## 4.3.0 - 2023-01-21 ## 4.3.0 - 2023-01-21

17
actix-web/src/request.rs
View File

@ -435,24 +435,28 @@ impl fmt::Debug for HttpRequest {
self.inner.head.method, self.inner.head.method,
self.path() self.path()
)?; )?;
if !self.query_string().is_empty() { if !self.query_string().is_empty() {
writeln!(f, " query: ?{:?}", self.query_string())?; writeln!(f, " query: ?{:?}", self.query_string())?;
} }
if !self.match_info().is_empty() { if !self.match_info().is_empty() {
writeln!(f, " params: {:?}", self.match_info())?; writeln!(f, " params: {:?}", self.match_info())?;
} }
writeln!(f, " headers:")?; writeln!(f, " headers:")?;
for (key, val) in self.headers().iter() { for (key, val) in self.headers().iter() {
// Hide sensitive header from debug output
match key { match key {
// redact sensitive header values from debug output
&crate::http::header::AUTHORIZATION &crate::http::header::AUTHORIZATION
| &crate::http::header::PROXY_AUTHORIZATION | &crate::http::header::PROXY_AUTHORIZATION
| &crate::http::header::COOKIE => { | &crate::http::header::COOKIE => writeln!(f, " {:?}: {:?}", key, "*redacted*")?,
writeln!(f, " {:?}: {:?}", key, "*redacted*")?
}
_ => writeln!(f, " {:?}: {:?}", key, val)?, _ => writeln!(f, " {:?}: {:?}", key, val)?,
} }
} }
Ok(()) Ok(())
} }
} }
@ -931,7 +935,10 @@ mod tests {
fn proxy_authorization_header_hidden_in_debug() { fn proxy_authorization_header_hidden_in_debug() {
let proxy_authorization_header = "secret value"; let proxy_authorization_header = "secret value";
let req = TestRequest::get() let req = TestRequest::get()
.insert_header((crate::http::header::PROXY_AUTHORIZATION, proxy_authorization_header)) .insert_header((
crate::http::header::PROXY_AUTHORIZATION,
proxy_authorization_header,
))
.to_http_request(); .to_http_request();
assert!(!format!("{:?}", req).contains(proxy_authorization_header)); assert!(!format!("{:?}", req).contains(proxy_authorization_header));