Hide Authorization header credentials in verbose mode

httpie / cli

🥧 HTTPie CLI — modern, user-friendly command-line HTTP client for the API era. JSON support, colors, sessions, downloads, plugins & more.

https://httpie.io

BSD 3-Clause "New" or "Revised" License

33.43k stars 3.68k forks source link

Open ghost opened 9 years ago

ghost commented 9 years ago

When the request headers are being echoed back, I'd like the default behavior to be to **\ out the credentials.

Instead of this being displayed: Authorization: Basic aHR0cGllOmlzQXdlc29tZQ== I'd like to see: Authorization: Basic ************************

Similarly: Authorization: Bearer *******************************

Maybe a new option (like --show-creds) could be used to show the credentials.

jkbrzt commented 9 years ago

Good idea. People accidentally share sensitive data like this all the time. Thinking out loud:

Having this on by default goes slightly against having the output verbatim.
Authorization isn't the only header with sensitive values out there (think all the Token, X-API-Token, etc.).

ncharaf commented 3 months ago

Hello,

Any update regarding this issue ?

Is it possible to implement something similar to what is done on httpx and also allow the user to add some custom headers

Thx