Fix Sensitive Header Censorship in Log
- Add censoring of sensitive headers from being logged in _proxy()
- Fix issue where Cookie and X-XSRF-TOKEN were not censored as intended
Change-Id: I14b422a25b40d0014c05226f9ae4fe8be75e33fb
(cherry picked from commit 6b34416026
)
This commit is contained in:
parent
8e7075b69d
commit
d47b0adf73
|
@ -762,9 +762,13 @@ class ClusteredAPI(object):
|
|||
kwargs['headers'] = kwargs.get('headers', {})
|
||||
kwargs['headers'].update(conn.default_headers)
|
||||
if not self._silent:
|
||||
# To censor sensitive headers before logging
|
||||
kwargs_copy = copy.copy(kwargs)
|
||||
kwargs_copy['headers'] = utils.censor_headers(
|
||||
kwargs_copy['headers'])
|
||||
LOG.debug("API cluster proxy %s %s to %s with %s. "
|
||||
"Waited conn: %2.4f, rate: %2.4f",
|
||||
proxy_for.upper(), uri, url, kwargs,
|
||||
proxy_for.upper(), uri, url, kwargs_copy,
|
||||
conn_data.conn_wait, conn_data.rate_wait)
|
||||
|
||||
# call the actual connection method to do the
|
||||
|
|
|
@ -64,7 +64,7 @@ def set_inject_headers_callback(callback):
|
|||
|
||||
|
||||
def censor_headers(headers):
|
||||
censored_headers = ['authorization']
|
||||
censored_headers = ['authorization', 'x-xsrf-token', 'cookie']
|
||||
result = {}
|
||||
for name, value in headers.items():
|
||||
if name.lower() in censored_headers:
|
||||
|
|
Loading…
Reference in New Issue