safe-net
DENIED Error Log Details
When a backend server fails to receive the correct token from the proxy, the following log message appears on the backend:
This particular log message, unfortunately, divulges information that could potentially be used to reverse engineer the token intended to be sent by the proxy. For security purposes, I will refrain from delving into the specifics here, but I can provide more information if required.
In general, it is a security concern to disclose information in this manner, as it may be exploited by malicious parties.
It would be preferable to have the error log returned without including the data field. Alternatively, an option to disable it in the configuration could be introduced. These changes would go a long way in mitigating the security risk currently associated with the proxy.
I look forward to your assistance with this matter.