ApplicationInsights-node.js icon indicating copy to clipboard operation
ApplicationInsights-node.js copied to clipboard

Published 20 hours ago verified publisher icon microsoft

Credentials on basic authentication appear on the path

Open orgads opened this issue 3 years ago • 0 comments

When using axios:

axios({
  url: 'http://server/path',
  auth: {
    username: 'user',
    password: 's3cr37',
  }
});

The request dependency entry is logged as http://user:s3cr37@server/path, which is unsafe.

So far I found that _getUrlFromRequestOptions calls url.format, which includes the credentials if auth exists.

Is this intended? Is it possible to call url.format with auth stripped?

orgads avatar Mar 22 '22 21:03 orgads