api: Obscure Authorization header
Closed this issue · 0 comments
marclop commented
Overview
Currently the verbose transport, dumps out all of the request / response to the specified writer, while this is great for debugging purposes, it also exposes the Authorization header which contains credentials.
It would be great to add a bool
parameter in the api.VerboseSettings
to allow the VerboseTransport to obscure that header.
This will allow us to ship and collect the verbose output cleanly without exposing any secrets.
Of course a step further would be to actually purge any potential from API responses not only headers.