
@lgarrett-isp
Collaborator

Super simple header redaction for the recovery handler before it parses the request to a string and sends it to the application.

@codecov

codecov bot commented Mar 14, 2022

Codecov Report

Merging #29 (998c7ca) into main (269f9ad) will decrease coverage by 0.04%.
The diff coverage is 0.00%.

❗ Current head 998c7ca differs from pull request most recent head 04a61a7. Consider uploading reports for the commit 04a61a7 to get more accurate results

@@            Coverage Diff             @@
##             main      #29      +/-   ##
==========================================
- Coverage   85.71%   85.66%   -0.05%     
==========================================
  Files          24       24              
  Lines        1799     1800       +1     
==========================================
  Hits         1542     1542              
- Misses        181      182       +1     
  Partials       76       76              
Impacted Files Coverage Δ
middleware/recovery.go 80.00% <0.00%> (-1.64%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 269f9ad...04a61a7. Read the comment docs.

// RemovedHeaders defines a list of HTTP headers that will be redacted from the
// request in the Recovery handler--if any logging or other output occurs, these
// headings will have value '<redacted>'.
var RemovedHeaders []string
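Review bot: the doc comment on `RemovedHeaders` says the listed headers keep their place and get the value '<redacted>', so the name reads as if they were dropped from the request; a name such as `RedactedHeaders` would match the described behaviour, and "headings" in the last comment line should be "headers". The comment should also state whether entries are matched case-insensitively, since HTTP header names are not case-sensitive, and that this exported package-level slice is meant to be set before the server starts handling requests rather than changed while it runs.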
Owner

@danielgtaylor danielgtaylor Mar 14, 2022

Should we default this to []string{"Authorization"} as that header is always going to contain sensitive information? Users can always opt-out by setting it to an empty slice. Huma's approach is generally "batteries-included" and "do the right thing by default" when possible 😄

Collaborator Author


Agreed! Fixed!

@lgarrett-isp lgarrett-isp merged commit ef18a59 into main Mar 15, 2022
@lgarrett-isp lgarrett-isp deleted the lg/redact-jwt branch March 15, 2022 17:49
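
The redaction step discussed in this PR, as an added example that is not Huma's code: it copies the request, overwrites the values of the listed headers, and only then dumps the request to a string, so the secret never reaches the dump. The names `redactedHeaders`, `dumpRedacted` and `sampleRequest`, the host and the token are assumptions made up for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httputil"
)

// redactedHeaders is a hypothetical stand-in for the PR's RemovedHeaders,
// defaulting to Authorization as suggested in the review. An empty slice
// opts out of redaction.
var redactedHeaders = []string{"Authorization"}

// dumpRedacted returns the request head as text with the value of every
// header named in names replaced by "<redacted>". The caller's request is
// left untouched, so code that runs later still sees the real values.
func dumpRedacted(r *http.Request, names []string) (string, error) {
	safe := r.Clone(r.Context()) // Clone deep-copies the Header map
	for _, n := range names {
		// Header keys are stored canonicalized, so "authorization" and
		// "AUTHORIZATION" must both match "Authorization".
		key := http.CanonicalHeaderKey(n)
		if _, ok := safe.Header[key]; ok {
			safe.Header[key] = []string{"<redacted>"}
		}
	}
	b, err := httputil.DumpRequest(safe, false) // false: do not read the body
	return string(b), err
}

// sampleRequest builds a constructed request carrying a made-up bearer token.
func sampleRequest() *http.Request {
	r, _ := http.NewRequest(http.MethodGet, "http://api.example.test/items", nil)
	r.Header.Set("Authorization", "Bearer constructed-token-123")
	r.Header.Set("Accept", "application/json")
	return r
}

func main() {
	out, err := dumpRedacted(sampleRequest(), redactedHeaders)
	if err != nil {
		panic(err)
	}
	fmt.Print(out)
}
```

Redacting a copy matters when the dump happens inside a panic handler that wraps other middleware: overwriting the live request's headers would change what any later logging or error reporting observes.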