Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

honor maskValue flag for Authorization header #53

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

njZhuMin
Copy link

@njZhuMin njZhuMin commented Jan 8, 2021

Hi @oleg-nenashev ,

I was trying to debug a request in Jenkins, set maskValue: false for Authorization header and found it didn't honor this flag.
I understand this change was by #22 and for case some security concerns (https://issues.jenkins.io/browse/JENKINS-39744).

I would like to propose an enhancement here which both respects maskValueflag and also masks Authorization header by default.

So I set default maskValue = true in HttpRequestNameValuePair.java constructor. In this case, when user passes maskValue: false in Authorization header, it can be honored correctly.

Please correct me if I missed something or you have further security concerns about this change.

Thanks for your great job done here!

Best regards,
Kevin

@oleg-nenashev oleg-nenashev self-requested a review April 23, 2021 19:53
@oleg-nenashev
Copy link
Member

Sorry, I missed the GitHub update. Was mostly off in Jan-Feb due to health issues. Added to my review queue

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants