ropensci / vcr

Record and replay HTTP requests
https://docs.ropensci.org/vcr

default secret purging? #182

Closed maelle closed 3 years ago

maelle commented 4 years ago

From httptest docs "By default, capture_requests will now purge any credentials contained in cookies, standard HTTP request headers, basic HTTP authentication methods, and OAuth token management objects."

sckott commented 4 years ago

hmm, maybe. something to consider. Ruby vcr doesn't do this though, so just thinking of the wisdom of lots of previous experience, maybe it's not warranted or a good idea. will have to think about it more.

maelle commented 4 years ago

related to #58 (fine if it is not a good idea, just noting it is a related topic)

sckott commented 4 years ago

I think i'll implement filtering of headers (filter_headers) - similar to what's in vcrpy https://vcrpy.readthedocs.io/en/latest/advanced.html#filter-information-from-http-headers and possibly other filter options, for body and query string

maelle commented 4 years ago

Yay 🐍

sckott commented 4 years ago

thanks for pinging that other related issue.

i don't think i agree with the idea of removing potentially sensitive fields/data by default. but i think we should make it as easy as possible and document it well

maelle commented 4 years ago

and having warnings would help not make mistakes (says someone who recently made a mistake :cold_sweat: )

sckott commented 4 years ago

Right, we could throw warnings if we detect a potential sensitive string
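
Added illustration, not part of the thread and not code from vcr, vcrpy or httptest: a Python example of the two ideas discussed above, opt-in filtering of credential-bearing headers and warnings for possibly sensitive strings left in the URI or body of a recording. The interaction layout, header list, patterns and function names are assumptions made for the example, and the sample data is constructed.

```python
import re

# Header names treated as credential-bearing (assumed list for this example).
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie",
                     "set-cookie", "x-api-key"}
PLACEHOLDER = "<REDACTED>"
# Heuristic only: auth-scheme tokens, or secret-looking query parameters.
SUSPECT_RE = re.compile(
    r"(?i)(\b(bearer|basic)\s+[A-Za-z0-9._~+/=-]{8,}"
    r"|[?&](access_token|api_?key|token|secret)=[^&\s]+)")

def filter_headers(headers, names=SENSITIVE_HEADERS):
    """Return a copy of headers with the named headers' values replaced."""
    return {k: (PLACEHOLDER if k.lower() in names else v)
            for k, v in headers.items()}

def scrub_interaction(interaction, names=SENSITIVE_HEADERS):
    """Filter headers on both sides of a recorded interaction.

    Returns (clean_copy, warnings); warnings lists (side, field) pairs where
    the URI or body still contains something that looks like a secret.
    The input is not modified.
    """
    clean, warnings = {}, []
    for side in ("request", "response"):
        part = dict(interaction[side])          # shallow copy of this side
        part["headers"] = filter_headers(part.get("headers", {}), names)
        clean[side] = part
        for field in ("uri", "body"):
            if SUSPECT_RE.search(part.get(field) or ""):
                warnings.append((side, field))
    return clean, warnings

# Constructed sample recording; every value here is made up.
SAMPLE = {
    "request": {
        "method": "GET",
        "uri": "https://api.example.org/items?access_token=abc123constructed",
        "headers": {"Authorization": "Bearer constructed-token-000",
                    "Accept": "application/json"},
        "body": ""},
    "response": {
        "status": 200,
        "headers": {"Set-Cookie": "sid=constructed; HttpOnly",
                    "Content-Type": "application/json"},
        "body": '{"refresh": "Bearer constructedRefresh999"}'},
}

if __name__ == "__main__":
    cleaned, found = scrub_interaction(SAMPLE)
    print(cleaned["request"]["headers"], found)
```

Header filtering alone leaves the query-string token and the token echoed in the response body in the recording, which is what the warning pass reports.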

sckott commented 4 years ago

warnings in separate issue: #82

maelle commented 4 years ago

is the header filtering on the milestone for next release? I think it'd be really great for developers of packages with OAuth (so, for me :joy: ).

sckott commented 4 years ago

i'll put it on for next release milestone, but i haven't tried this yet, so don't know how long it will take

maelle commented 4 years ago

Fingers crossed!

sckott commented 3 years ago