cli icon indicating copy to clipboard operation
cli copied to clipboard
verified publisher icon httpie

Hide Authorization header credentials in verbose mode

Open ghost opened this issue 10 years ago • 2 comments

When the request headers are being echoed back, I'd like the default behavior to be to **** out the credentials.

Instead of this being displayed: Authorization: Basic aHR0cGllOmlzQXdlc29tZQ== I'd like to see: Authorization: Basic ************************

Similarly: Authorization: Bearer *******************************

Maybe a new option (like --show-creds) could be used to show the credentials.

ghost avatar Apr 06 '15 23:04 ghost

Good idea. People accidentally share sensitive data like this all the time. Thinking out loud:

  • Having this on by default goes slightly against having the output verbatim.
  • Authorization isn't the only header with sensitive values out there (think all the Token, X-API-Token, etc.).

jkbrzt avatar Jun 26 '15 15:06 jkbrzt