middleware/log: Filter out sensitive headers

Turbo87 · Turbo87 · commit 7fd8bfaeab0a · 2020-10-26T11:02:54.000+01:00
diff --git a/src/middleware/log_request.rs b/src/middleware/log_request.rs
@@ -109,9 +109,12 @@ fn report_to_sentry(req: &dyn RequestExt, res: &AfterResult, response_time: u64)
         }
 
         {
+            let filtered_headers = vec!["Authorization", "Cookie", "X-Real-Ip"];
+
             let headers = req
                 .headers()
                 .iter()
+                .filter(|(k, _v)| !filtered_headers.iter().any(|name| k == name))
                 .map(|(k, v)| (k.to_string(), v.to_str().unwrap_or_default().to_string()))
                 .collect();
 

Original file line number	Diff line number	Diff line change
`@@ -109,9 +109,12 @@ fn report_to_sentry(req: &dyn RequestExt, res: &AfterResult, response_time: u64)`
`109`	`109`	`}`
`110`	`110`
`111`	`111`	`{`
	`112`	`+ let filtered_headers = vec!["Authorization", "Cookie", "X-Real-Ip"];`
	`113`	`+`
`112`	`114`	`let headers = req`
`113`	`115`	`.headers()`
`114`	`116`	`.iter()`
	`117`	`+ .filter(\|(k, _v)\| !filtered_headers.iter().any(\|name\| k == name))`
`115`	`118`	`.map(\|(k, v)\| (k.to_string(), v.to_str().unwrap_or_default().to_string()))`
`116`	`119`	`.collect();`
`117`	`120`