lib/timber/util/http_event.rb in timber-2.0.0 vs lib/timber/util/http_event.rb in timber-2.0.1
- old
+ new
@@ -1,10 +1,11 @@
module Timber
module Util
module HTTPEvent
- BODY_LIMIT = 5_000.freeze
+ AUTHORIZATION_HEADER = 'authorization'.freeze
QUERY_STRING_LIMIT = 5_000.freeze
+ SANITIZED_VALUE = '[sanitized]'.freeze
extend self
def full_path(path, query_string)
if query_string
@@ -18,21 +19,27 @@
if Config.instance.capture_http_body_content_types.include?(content_type)
if body.respond_to?(:body)
body = body.body.to_s
end
- body[0..(BODY_LIMIT - 1)]
+ body[0..(Config.instance.http_body_limit - 1)]
else
# Drop the body if it is not a format we want to capture.
# This gives users more control to avoid loggin files, etc.
nil
end
end
def normalize_headers(headers)
if headers.is_a?(::Hash)
headers.each_with_object({}) do |(k, v), h|
- h[k.to_s.downcase] = v
+ k = k.to_s.downcase
+ case k
+ when AUTHORIZATION_HEADER
+ h[k] = SANITIZED_VALUE
+ else
+ h[k] = v
+ end
end
else
headers
end
end
\ No newline at end of file
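Review bot: Redaction in `normalize_headers` covers only the `authorization` key, and the outer `else` branch returns non-Hash input untouched, so `cookie`, `set-cookie`, `proxy-authorization` and API-key style headers would still be passed through with their values intact. Consider matching against a frozen list, e.g. `SANITIZED_HEADERS = %w[authorization proxy-authorization cookie set-cookie].freeze` with `when *SANITIZED_HEADERS`, and add a comment stating what callers may pass besides a Hash. Separately, `body[0..(Config.instance.http_body_limit - 1)]` returns the whole body when the limit is configured as 0 (the range becomes `0..-1`) and raises if the setting is nil; `body[0, Config.instance.http_body_limit]` avoids the first case. The body-truncation method starts above this hunk, so whether `body` or the limit is validated earlier is not visible here.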