getsentry / sentry-rust

Official Sentry SDK for Rust
https://sentry.io/
Apache License 2.0

Tower and Actix: Filter out sensitive headers #665

Closed FSMaxB closed 5 months ago

FSMaxB commented 5 months ago

I've noticed that when constructing a sentry_core::protocol::Request, all headers are copied even if they are marked as sensitive.

This PR filters out sensitive headers.

Swatinem commented 5 months ago

Thank you, I wasn’t aware so far that some headers are marked as sensitive and there is API for that.

FSMaxB commented 5 months ago

I'm not sure whether any are set as sensitive by default, but there is a middleware in tower-http that can be used to set headers as sensitive for example: https://docs.rs/tower-http/0.5.2/tower_http/sensitive_headers/index.html

Ten0 commented 4 months ago

Looks like it might be better to instead write them as <sensitive>, so that people don't start wondering why their headers aren't sent when they in fact are but are just redacted from the logs.
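To make the two options discussed in this thread concrete (the PR's approach of dropping headers whose values are flagged sensitive, and the review suggestion of keeping the name but writing `<sensitive>` in place of the value), here is an added, stand-alone example. It is not code from sentry-rust, tower-http or the `http` crate: the `HeaderValue` type below is a minimal stand-in that models the `set_sensitive` / `is_sensitive` flag the real `http::HeaderValue` carries, so the example builds with the standard library alone; `SENSITIVE_NAMES`, `mark_sensitive`, `filter_sensitive` and `redact_sensitive` are names chosen for this example, and the output map has the `BTreeMap<String, String>` shape used for the request headers in the Sentry protocol.

```rust
use std::collections::BTreeMap;

/// Minimal stand-in for `http::HeaderValue` (assumption: modelled here so
/// the example needs no external crates). The `sensitive` flag is what
/// `HeaderValue::set_sensitive` / `is_sensitive` expose in the real crate.
#[derive(Debug, Clone, PartialEq)]
pub struct HeaderValue {
    value: String,
    sensitive: bool,
}

impl HeaderValue {
    pub fn from_static(value: &'static str) -> Self {
        Self { value: value.to_string(), sensitive: false }
    }
    pub fn set_sensitive(&mut self, sensitive: bool) {
        self.sensitive = sensitive;
    }
    pub fn is_sensitive(&self) -> bool {
        self.sensitive
    }
    pub fn as_str(&self) -> &str {
        &self.value
    }
}

/// Header names this example treats as sensitive. The set is this
/// example's choice; neither crate ships it as a default.
pub const SENSITIVE_NAMES: &[&str] =
    &["authorization", "proxy-authorization", "cookie", "set-cookie"];

/// Flag the values of the listed header names as sensitive, which is the
/// job a tower-http sensitive-headers layer does before the request reaches
/// the Sentry middleware.
pub fn mark_sensitive(headers: &mut Vec<(String, HeaderValue)>, names: &[&str]) {
    for (name, value) in headers.iter_mut() {
        if names.iter().any(|n| n.eq_ignore_ascii_case(name.as_str())) {
            value.set_sensitive(true);
        }
    }
}

/// Option 1 (the PR): sensitive headers are left out of the event's
/// header map entirely.
pub fn filter_sensitive(headers: &[(String, HeaderValue)]) -> BTreeMap<String, String> {
    headers
        .iter()
        .filter(|(_, v)| !v.is_sensitive())
        .map(|(k, v)| (k.clone(), v.as_str().to_string()))
        .collect()
}

/// Option 2 (the review suggestion): the header name stays in the event so
/// it is visible that the header was sent, but the value is replaced by a
/// fixed placeholder.
pub fn redact_sensitive(headers: &[(String, HeaderValue)]) -> BTreeMap<String, String> {
    headers
        .iter()
        .map(|(k, v)| {
            let shown = if v.is_sensitive() {
                "<sensitive>".to_string()
            } else {
                v.as_str().to_string()
            };
            (k.clone(), shown)
        })
        .collect()
}

fn main() {
    // Constructed sample request headers (not captured from a real request).
    let mut headers = vec![
        ("Host".to_string(), HeaderValue::from_static("example.com")),
        ("Authorization".to_string(), HeaderValue::from_static("Bearer secret-token")),
        ("Cookie".to_string(), HeaderValue::from_static("session=abc123")),
    ];
    mark_sensitive(&mut headers, SENSITIVE_NAMES);
    println!("filtered: {:?}", filter_sensitive(&headers));
    println!("redacted: {:?}", redact_sensitive(&headers));
}
```

With the sample input, `filter_sensitive` yields only `Host`, while `redact_sensitive` yields all three names with `Authorization` and `Cookie` shown as `<sensitive>`. Either way the token and session cookie never reach the event payload; the second form just preserves the information that those headers were present, which is the point raised in the last comment.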