fix(server/logging): sensitive response headers should not be logged (#…
iainsproat authored Feb 12, 2024
1 parent d836b64 commit 2983183
Showing 1 changed file with 14 additions and 1 deletion.
15 changes: 14 additions & 1 deletion packages/server/logging/expressLogging.ts
Expand Up @@ -111,7 +111,20 @@ export const LoggingExpressMiddleware = HttpLogger({
return {
statusCode: res.raw.statusCode,
// Allowlist useful headers
headers: resRaw.raw.headers,
headers: Object.fromEntries(
Object.entries(resRaw.raw.headers).filter(
([key]) =>
![
'set-cookie',
'authorization',
'cf-connecting-ip',
'true-client-ip',
'x-real-ip',
'x-forwarded-for',
'x-original-forwarded-for'
].includes(key.toLocaleLowerCase())
)
),
userId: auth?.userId
}
})
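Review bot: the filter on `resRaw.raw.headers` is a denylist (`![...].includes(...)`), but the comment directly above it still reads `// Allowlist useful headers`, so any sensitive response header not named in the array is still written to the log. Either switch to a real allowlist of the headers worth logging, or change the comment to say denylist and hoist the array into a named constant so it is easy to extend and is not rebuilt for every response. Separately, `key.toLocaleLowerCase()` depends on the host locale; plain `toLowerCase()` is the safer call when matching ASCII header names such as `x-real-ip`.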