yii2-authclient

Sensitive headers logged in info log

Open yii-bot opened this issue 7 years ago • 0 comments

This issue was originally reported by @sanjakovac at https://github.com/yiisoft/yii2/issues/16488. Moved here by @samdark.


What steps will reproduce the problem?

  • Turn on the info log in your application
  • Use the function Yii/authclient/BaseOAuth.SendRequest to do an HTTP POST request

What is the expected result?

Yii/httpclient/StreamTransport.send should log only basic information about the request. The token should not be logged in the info log, since it may contain sensitive information. Values of headers carrying sensitive information should be obfuscated.

What do you get instead?

Yii/httpclient/StreamTransport.send will log all the headers, including the username/password if it was sent with the request.

Additional info

| Q | A |
| --- | --- |
| Yii httpclient version | 2.0.6.0 |
| PHP version | 7.0 |
| Operating system | MacOS |

yii-bot, Jul 06 '18 14:07
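One way to obfuscate sensitive header values before they reach a log target, as the expected result in the report asks. This is an added example, not code from yii2-httpclient or yii2-authclient; the function name `redactHeaderLines`, the list of sensitive header names, and the sample request are assumptions.

```php
<?php
// Hypothetical helper, not part of yii2-httpclient or yii2-authclient.
// Header names whose values must never be logged (assumed list; extend per application).
const SENSITIVE_HEADERS = ['authorization', 'proxy-authorization', 'cookie', 'set-cookie', 'x-api-key'];

/**
 * Returns a copy of raw "Name: value" header lines with sensitive values masked.
 * For authorization headers the scheme (Basic, Bearer, ...) is kept so the log
 * still shows which mechanism was used, but never the credential itself.
 */
function redactHeaderLines(array $headerLines): array
{
    $out = [];
    foreach ($headerLines as $line) {
        $parts = explode(':', $line, 2);
        if (count($parts) !== 2) {
            $out[] = $line; // no colon, e.g. a request line: pass through unchanged
            continue;
        }
        list($name, $value) = $parts;
        $key = strtolower(trim($name));
        $value = trim($value);
        if (!in_array($key, SENSITIVE_HEADERS, true)) {
            $out[] = $line;
            continue;
        }
        // Keep only the leading scheme token of an authorization header, if present.
        $scheme = '';
        if (($key === 'authorization' || $key === 'proxy-authorization')
            && preg_match('/^([A-Za-z][A-Za-z0-9._~+\/-]*)\s+\S/', $value, $m)) {
            $scheme = $m[1] . ' ';
        }
        $out[] = trim($name) . ': ' . $scheme . '[REDACTED]';
    }
    return $out;
}

// Constructed sample request (not captured from a real system).
$sample = [
    'POST /oauth/token HTTP/1.1',
    'Host: idp.example.test',
    'Authorization: Basic dXNlcjpwYXNzd29yZA==',
    'Content-Type: application/x-www-form-urlencoded',
    'Cookie: session=constructed-value',
];
echo implode("\n", redactHeaderLines($sample)), "\n";
```

This covers headers only; a token or secret sent as a POST body parameter needs the same masking before the request is logged.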