However, those headers may contain sensitive data. Especially, the authorization header may contain a JWT which can encode sensitive data, readable by anyone once decoded. So, the logging interceptor should provide a way to mask request headers.
Fix #818
Types of changes
[ ] Bug fix (non-breaking change which fixes an issue)
[x] New feature (non-breaking change which adds functionality)
[ ] Breaking change (fix or feature that would cause existing functionality to change)
Add option to
LoggingInterceptor
to mask sensitive data of header request from the log.Description
The solution implemented is described in #818.
Motivation and Context
Currently, all the headers of the request are logged: https://github.com/algoan/nestjs-components/blob/c0b9a71f332d35d0a2e7f7fcc588d322bae6a95c/packages/logging-interceptor/src/logging.interceptor.ts#L72-L80
However, those headers may contain sensitive data. Especially, the
authorization
header may contain a JWT which can encode sensitive data, readable by anyone once decoded. So, the logging interceptor should provide a way to mask request headers.Fix #818
Types of changes