Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Access tokens leaked in logs when using DEBUG level #536

Open
erlendvollset opened this issue Mar 15, 2024 · 0 comments · May be fixed by #539
Open

Access tokens leaked in logs when using DEBUG level #536

erlendvollset opened this issue Mar 15, 2024 · 0 comments · May be fixed by #539

Comments

@erlendvollset
Copy link

Hi!

Request/response headers are currently being logged without any sanitizing being done upfront, which means that bearer tokens are logged. There are many scenarios in which we'd like to use DEBUG level, but still not log access tokens. Can we either redact the Authorization headers when logging, or add an option to disable logging of headers altogether.

I put up this suggested PR:
#532
@jtroussard jtroussard linked a pull request Mar 23, 2024 that will close this issue
Adds logger filter for TOKENS when logging in DEBUG MODE #539
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Adds logger filter for TOKENS when logging in DEBUG MODE requests/requests-oauthlib
1 participant
@erlendvollset