Commit be96654d authored by Tatsuhiro Tsujikawa's avatar Tatsuhiro Tsujikawa

nghttpx: Don't log authorization request header field value with -LINFO

parent ce962c3f
......@@ -146,13 +146,22 @@ std::string colorizeHeaders(const char *hdrs) {
nhdrs += TTY_HTTP_HD;
nhdrs.append(p, np);
nhdrs += TTY_RST;
auto redact = util::strieq_l("authorization", StringRef{p, np});
p = np;
np = strchr(p, '\n');
if (!np) {
if (redact) {
nhdrs.append(": <redacted>");
} else {
nhdrs.append(p);
}
break;
}
if (redact) {
nhdrs.append(": <redacted>\n");
} else {
nhdrs.append(p, np + 1);
}
p = np + 1;
}
return nhdrs;
......
......@@ -463,6 +463,11 @@ int Http2DownstreamConnection::push_request_headers() {
if (LOG_ENABLED(INFO)) {
std::stringstream ss;
for (auto &nv : nva) {
if (util::streq_l("authorization", nv.name, nv.namelen)) {
ss << TTY_HTTP_HD << StringRef{nv.name, nv.namelen} << TTY_RST
<< ": <redacted>\n";
continue;
}
ss << TTY_HTTP_HD << StringRef{nv.name, nv.namelen} << TTY_RST << ": "
<< StringRef{nv.value, nv.valuelen} << "\n";
}
......
......@@ -321,6 +321,10 @@ int Http2Upstream::on_request_headers(Downstream *downstream,
if (LOG_ENABLED(INFO)) {
std::stringstream ss;
for (auto &nv : nva) {
if (nv.name == "authorization") {
ss << TTY_HTTP_HD << nv.name << TTY_RST << ": <redacted>\n";
continue;
}
ss << TTY_HTTP_HD << nv.name << TTY_RST << ": " << nv.value << "\n";
}
ULOG(INFO, this) << "HTTP request headers. stream_id="
......
......@@ -318,6 +318,10 @@ int htp_hdrs_completecb(http_parser *htp) {
<< "HTTP/" << req.http_major << "." << req.http_minor << "\n";
for (const auto &kv : req.fs.headers()) {
if (kv.name == "authorization") {
ss << TTY_HTTP_HD << kv.name << TTY_RST << ": <redacted>\n";
continue;
}
ss << TTY_HTTP_HD << kv.name << TTY_RST << ": " << kv.value << "\n";
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment