Nano with Axios is not scrubbing output correctly for non-url basic auth (using requestDefaults) on request errors. Auth errors, timeouts and change feeds are still dumping the password from the request if using requestDefaults: Auth to authenticate. Headers are scrubbed for logging though but not errors.
Expected Behavior
All exceptions/errors should scrub the request header (requestDefaults.auth) or just auth object password correctly.
Current Behavior
For Auth request header (Basic Auth) the password is not scrubbed with new axios requests.
Possible Solution
Where url and cookie is currently scrubbed in responseHandlers, also scrub auth header just like is done in relax()
Steps to Reproduce (for bugs)
Authenticate using requestDefaults -> Auth header username and password
Generate a exception (cut connection on a reader for example)
Password is not scrubbed for Request added to Error object returned.
Context
Our password is being dumped to logs and shipped on timeouts in our production environment.
Nano with Axios is not scrubbing output correctly for non-url basic auth (using requestDefaults) on request errors. Auth errors, timeouts and change feeds are still dumping the password from the request if using requestDefaults: Auth to authenticate. Headers are scrubbed for logging though but not errors.
Expected Behavior
All exceptions/errors should scrub the request header (requestDefaults.auth) or just auth object password correctly.
Current Behavior
For Auth request header (Basic Auth) the password is not scrubbed with new axios requests.
Possible Solution
Where url and cookie is currently scrubbed in responseHandlers, also scrub auth header just like is done in relax()
Steps to Reproduce (for bugs)
Context
Our password is being dumped to logs and shipped on timeouts in our production environment.
Your Environment