Closed gregolsen closed 2 years ago
This is more of a question at this point.
As part of fixing a credentials leak in Open Telemetry Ruby instrumentation we noticed that run_request doesn't remove credentials from the URL as, for example, this code does https://github.com/lostisland/faraday/blob/main/lib/faraday/connection.rb#L366 Is that a desired behavior or would it be better to remove basic authentication credentials from the URL in run_request too?
run_request
This is more of a question at this point.
As part of fixing a credentials leak in Open Telemetry Ruby instrumentation we noticed that
run_request
doesn't remove credentials from the URL as, for example, this code does https://github.com/lostisland/faraday/blob/main/lib/faraday/connection.rb#L366 Is that a desired behavior or would it be better to remove basic authentication credentials from the URL inrun_request
too?