clj-http icon indicating copy to clipboard operation
clj-http copied to clipboard

Published 20 hours ago verified publisher icon dakrone

Provide a way to redact headers in ExceptionInfo

Open ghost opened this issue 10 years ago • 2 comments

Some headers should not be written into logs. However, these headers will appear in the exception info thrown by a bad request. Manually redacting them at the site of logging is error-prone (at best, you lose the stack trace by re-constructing ex-info; at worst, you miss a place).

A better solution is to provide a binding that identifies redacted headers:

(binding [*redact-headers* ["X-MyCleartextPassword"]]
  (client/get ...))

ghost avatar Nov 16 '15 20:11 ghost

Note that this needs to apply to both request and response headers (request headers may be more important).

ghost avatar Nov 16 '15 21:11 ghost

I agree, this is necessary for people that want to hide authentication headers and the like in exceptions.

dakrone avatar Nov 17 '15 16:11 dakrone