fix: add x-session-token to redacted headers (#797)

ory · Jul 18, 2024 · 471f7d6 · 471f7d6
1 parent 5494942
commit 471f7d6
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 4 deletions.
diff --git a/logrusx/helper.go b/logrusx/helper.go
@@ -59,7 +59,7 @@ func (l *Logger) HTTPHeadersRedacted(h http.Header) map[string]interface{} {
 
 	for key, value := range h {
 		keyLower := strings.ToLower(key)
-		if keyLower == "authorization" || keyLower == "cookie" || keyLower == "set-cookie" {
+		if keyLower == "authorization" || keyLower == "cookie" || keyLower == "set-cookie" || keyLower == "x-session-token" {
 			headers[keyLower] = l.maybeRedact(value)
 		} else {
 			headers[keyLower] = h.Get(key)

diff --git a/logrusx/logrus_test.go b/logrusx/logrus_test.go
@@ -32,6 +32,9 @@ var fakeRequest = &http.Request{
 		"X-Request-Id":    {"id1234"},
 		"Accept":          {"application/json"},
 		"Set-Cookie":      {"kratos_session=2198ef09ac09d09ff098dd123ab128353"},
+		"Cookie":          {"kratos_cookie=2198ef09ac09d09ff098dd123ab128353"},
+		"X-Session-Token": {"2198ef09ac09d09ff098dd123ab128353"},
+		"Authorization":   {"Bearer 2198ef09ac09d09ff098dd123ab128353"},
 	},
 	Body:       nil,
 	Host:       "127.0.0.1:63232",
@@ -186,9 +189,19 @@ func TestTextLogger(t *testing.T) {
 			},
 		},
 		{
-			l:         New("logrusx-server", "v0.0.1", ForceFormat("text"), ForceLevel(logrus.DebugLevel)),
-			expect:    []string{"set-cookie:Value is sensitive and has been redacted. To see the value set config key \"log.leak_sensitive_values = true\" or environment variable \"LOG_LEAK_SENSITIVE_VALUES=true\"."},
-			notExpect: []string{"set-cookie:kratos_session=2198ef09ac09d09ff098dd123ab128353"},
+			l: New("logrusx-server", "v0.0.1", ForceFormat("text"), ForceLevel(logrus.DebugLevel)),
+			expect: []string{
+				"set-cookie:Value is sensitive and has been redacted. To see the value set config key \"log.leak_sensitive_values = true\" or environment variable \"LOG_LEAK_SENSITIVE_VALUES=true\".",
+				`cookie:Value is sensitive and has been redacted. To see the value set config key "log.leak_sensitive_values = true" or environment variable "LOG_LEAK_SENSITIVE_VALUES=true".`,
+				`x-session-token:Value is sensitive and has been redacted. To see the value set config key "log.leak_sensitive_values = true" or environment variable "LOG_LEAK_SENSITIVE_VALUES=true".`,
+				`authorization:Value is sensitive and has been redacted. To see the value set config key "log.leak_sensitive_values = true" or environment variable "LOG_LEAK_SENSITIVE_VALUES=true".`,
+			},
+			notExpect: []string{
+				"set-cookie:kratos_session=2198ef09ac09d09ff098dd123ab128353",
+				"cookie:kratos_cookie=2198ef09ac09d09ff098dd123ab128353",
+				"x-session-token:2198ef09ac09d09ff098dd123ab128353",
+				"authorization:Bearer 2198ef09ac09d09ff098dd123ab128353",
+			},
 			call: func(l *Logger) {
 				l.WithRequest(fakeRequest).Debug()
 			},