Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not log Authorization header when POSTing to OPA #57

Closed
massenz opened this issue Oct 26, 2023 · 1 comment
Closed

Do not log Authorization header when POSTing to OPA #57

massenz opened this issue Oct 26, 2023 · 1 comment
Labels
bug Something isn't working Security Urgent

Comments

@massenz
Copy link
Owner

massenz commented Oct 26, 2023

We currently log the headers' contents; however the Authorization header has sensitive information that should not be logged (like we obfuscate the contents of the JWT)
@massenz massenz added bug Something isn't working Security Urgent labels Oct 26, 2023
@massenz massenz mentioned this issue Oct 29, 2023
Merged
massenz added a commit that referenced this issue Oct 29, 2023
@massenz
Removed Authorization header from logs [#57] (#58)
4e0a4a8 
* Cleanup & Refactoring of API Token logging

* Removed Authorization header contents from logs
@massenz
Copy link
Owner Author

massenz commented Oct 30, 2023

Merged and released in the 0.11.0 Rel.

@massenz massenz closed this as completed Oct 30, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working Security Urgent
Projects
Spring Security OPA Integration
Status: Done
Milestone
No milestone
Development

No branches or pull requests
1 participant
@massenz