fix: Make sure X-Broker-Token header is not logged

Make sure log entries' headers don't include x-broker-token token. The log context already includes maskedToken which can be used to select specific client's logs.
snyk · Jul 2, 2021 · 0a7123a · 0a7123a
1 parent 4a17388
commit 0a7123a
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/lib/log.js b/lib/log.js
@@ -86,6 +86,9 @@ function sanitiseHeaders(headers) {
   if (hdrs.authorization) {
     hdrs.authorization = '${AUTHORIZATION}';
   }
+  if (hdrs['X-Broker-Token']) {
+    hdrs['X-Broker-Token'] = '${BROKER_TOKEN}';
+  };
   return sanitiseObject(hdrs);
 }