From c14c03f0738bc5b25a1ac67e47e17966b750df82 Mon Sep 17 00:00:00 2001
From: Nathan Shaaban <nshaaban@cpacketnetworks.com>
Date: Thu, 29 Dec 2022 19:18:55 +0000
Subject: [PATCH] chore: add comments

---
 actix-web/CHANGES.md     | 1 +
 actix-web/src/request.rs | 1 +
 2 files changed, 2 insertions(+)

diff --git a/actix-web/CHANGES.md b/actix-web/CHANGES.md
index 8ea60266e..070d159b2 100644
--- a/actix-web/CHANGES.md
+++ b/actix-web/CHANGES.md
@@ -10,6 +10,7 @@
 
 ### Fixed
 - Add `Allow` header to `Resource`'s default responses when no routes are matched. [#2949]
+- Hide `Authorization` header in `HttpRequest` Debug output
 
 [#1961]: https://github.com/actix/actix-web/pull/1961
 [#2265]: https://github.com/actix/actix-web/pull/2265
diff --git a/actix-web/src/request.rs b/actix-web/src/request.rs
index ba2fe8844..3039a7326 100644
--- a/actix-web/src/request.rs
+++ b/actix-web/src/request.rs
@@ -445,6 +445,7 @@ impl fmt::Debug for HttpRequest {
         }
         writeln!(f, "  headers:")?;
         for (key, val) in self.headers().iter() {
+            // Hide sensitive header from debug output
             if key != http::header::AUTHORIZATION {
                 writeln!(f, "    {:?}: {:?}", key, val)?;
             }