force-rest-api icon indicating copy to clipboard operation
force-rest-api copied to clipboard

Published 20 hours ago verified publisher icon jesperfj

Remove authorisation token from toString representation

Open sayembd opened this issue 7 years ago • 0 comments

HttpRequest's toString representation should not contain the authorisation token, because then it will be leaked when the request is logged.

This is currently the case - HttpResponse.send method logs the HttpRequest whenever it receives a bad response code from SalesForce, leaking the authorisation code in the log.

sayembd avatar Dec 07 '18 16:12 sayembd