This PR adds an option to mask the headers of logged when the server responds with an error code (>= 400).
The options are the same as the one used on @algoan/nestjs-logging-interceptor.
This PR is using the same logic as #822 for the mask of the header (maskHeaders private method).
Motivation and Context
The headers may contain sensitive data. Especially, an API key header or an authorization header which may contain a JWT with numerous sensitive data encoded, readable by anyone once decoded. So, the http-exception-filter should provide a way to mask those sensitive data in the logs.
Types of changes
[ ] Bug fix (non-breaking change which fixes an issue)
[x] New feature (non-breaking change which adds functionality)
[ ] Breaking change (fix or feature that would cause existing functionality to change)
Description
This PR adds an option to mask the headers of logged when the server responds with an error code (>= 400).
The options are the same as the one used on
@algoan/nestjs-logging-interceptor
.This PR is using the same logic as #822 for the mask of the header (
maskHeaders
private method).Motivation and Context
The headers may contain sensitive data. Especially, an API key header or an authorization header which may contain a JWT with numerous sensitive data encoded, readable by anyone once decoded. So, the
http-exception-filter
should provide a way to mask those sensitive data in the logs.Types of changes