Is it possible to hide sensitive data in the error output of a failed request?

[hammzj]

In our tests, we send data to an internal service that requires authentication. Recently, this service encountered an issue, and the Cypress requests began failing on cy.request. In that request, the authentication was not hidden in the header; therefore, is it possible to hide this information when cypress reports an error?

`cy.request()` failed on:

{{endpoint removed}}

The response we received from your web server was:

  > 401: Unauthorized

This was considered a failure because the status code was not `2xx` or `3xx`.

If you do not want status codes to cause failures pass the option: `failOnStatusCode: false`

-----------------------------------------------------------

The request we sent was:

Method: GET
URL: {{endoint removed}}
Headers: {
  "Connection": "keep-alive",
  "Authorization": "{{removed for security reasons, but it was a base64 string -- THIS NEEDS TO BE ALWAYS BE HIDDEN}}",
  "Content-Type": "application/json",
  "user-agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36",
  "accept": "*/*",
  "accept-encoding": "gzip, deflate"
}

-----------------------------------------------------------

The response we got was:

Status: 401 - Unauthorized
Headers: {
  "date": "Mon, 19 Feb 2024 17:59:55 GMT",
  "content-type": "application/problem+json;charset=ISO-8859-1",
  "content-length": "56",
  "connection": "keep-alive",
  "server": "openresty",
  "x-content-type-options": "nosniff",
  "x-xss-protection": "1; mode=block",
  "cache-control": "no-cache, no-store, max-age=0, must-revalidate",
  "pragma": "no-cache",
  "expires": "0",
  "strict-transport-security": "max-age=31536000 ; includeSubDomains",
  "x-frame-options": "DENY"
}
Body: {
  "status": 401,
  "error": "Unauthorized",
  "message": "Error"
}


https://on.cypress.io/request

[KseniaKrasotina]

+1, found out the same issue, sensitive information appears in a failed requests even when I pass it as a secrets