heroku / heroku.rb

DEPRECATED! Official Heroku Ruby Legacy API wrapper

Errors dump password in plaintext #54

Closed softwaregravy closed 11 years ago

softwaregravy commented 11 years ago

When using a client which is not authorized (see https://github.com/heroku/heroku.rb/issues/53) I get an error:

    Heroku::API::Errors::Forbidden: Expected(200) <=> Actual(403 Forbidden)

This error causes my client to dump the password in the clear (I put in the XXXXXX):

    =>"/apps/myappname/addons", :port=>"443", :query=>nil, :scheme=>"https", :user=>nil, :password=>"XXXXXXX", :username=>"XXXXXXX", :expects=>200, :method=>:get, :retries_remaining=>4}
geemus commented 11 years ago

@softwaregravy - I think this has been fixed in newer versions of excon. Could you bump excon and see?

softwaregravy commented 11 years ago

From Gemfile.lock

    heroku-api (0.3.9)
      excon (~> 0.20.1)

No change in version on bundle update excon. Or were you suggesting I try 0.21?

geemus commented 11 years ago

@softwaregravy - oh, ok. I think I misread that. excon of that version should redact the authorization header, but that isn't the place where the value was appearing. Is this still a problem after your pull request? I'd think that if we delete the attributes out there it wouldn't leak through to this level any more? Thanks for working through this with me.
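The remediation discussed above (strip credential attributes from the request hash before it is rendered into the exception message) as an added example; this is not heroku.rb or excon code, and the key names, `ForbiddenError` class and sample request are assumptions modelled on the dump quoted in the issue:

```ruby
# Added example (not heroku.rb or excon code): an API-client error that
# embeds the request hash in its message, shown leaky and then redacted.
require 'set'

# Keys whose values must never reach a log line or an exception message.
# Assumed key names, modelled on the leaked dump in the issue.
SENSITIVE_KEYS = Set[:password, :username, :user, :authorization].freeze

class ForbiddenError < StandardError
  attr_reader :request

  def initialize(request)
    @request = request
    super("Expected(200) <=> Actual(403 Forbidden)\n#{request.inspect}")
  end
end

# Leaky version: the whole request hash, credentials included, becomes
# the message, which then lands in logs, bug trackers and terminals.
def raise_leaky(request)
  raise ForbiddenError.new(request)
end

def sensitive_key?(key)
  SENSITIVE_KEYS.include?(key.to_s.downcase.to_sym)
end

# Redact recursively so nested hashes such as
# {:headers => {"Authorization" => "..."}} are covered as well.
def redact(value)
  case value
  when Hash
    value.each_with_object({}) do |(k, v), out|
      out[k] = sensitive_key?(k) ? "REDACTED" : redact(v)
    end
  when Array then value.map { |v| redact(v) }
  else value
  end
end

# Hardened version: the exception only ever sees the redacted copy.
def raise_redacted(request)
  raise ForbiddenError.new(redact(request))
end

# Constructed request hash mirroring the shape of the dump in the issue.
REQUEST = { path: "/apps/myappname/addons", port: "443", scheme: "https",
            user: nil, password: "hunter2", username: "dev@example.com",
            headers: { "Authorization" => "Basic c2FtcGxlOnNhbXBsZQ==" },
            expects: 200, method: :get, retries_remaining: 4 }.freeze
```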

softwaregravy commented 11 years ago

Confirmed. My change fixed this as well.

geemus commented 11 years ago

@softwaregravy - great, thanks!

softwaregravy commented 11 years ago

Do you have a guess on when this might make it into rubygems?

geemus commented 11 years ago

@softwaregravy - just pushed 0.3.10 for you, let me know if you have further concerns or issues. Thanks!