honor maskValue flag for Authorization header #53
Hi @oleg-nenashev,

I was trying to debug a request in Jenkins, set `maskValue: false` for the Authorization header, and found it didn't honor this flag. I understand this change was by #22, for some security concerns (https://issues.jenkins.io/browse/JENKINS-39744).

I would like to propose an enhancement here which both respects the `maskValue` flag and also masks the Authorization header by default. So I set default `maskValue = true` in the HttpRequestNameValuePair.java constructor. In this case, when a user passes `maskValue: false` in the Authorization header, it can be honored correctly.

Please correct me if I missed something or you have further security concerns about this change.

Thanks for your great job done here!

Best regards,
Kevin
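
The two masking rules discussed in the description above, side by side, as an added Java example that is not the plugin's code. `HeaderPair`, `renderByName` and `renderByFlag` are hypothetical names, the token is constructed, and the constructor default is an assumption taken from the description.

```java
import java.util.List;

public class HeaderMaskDemo {
    // Hypothetical stand-in for the plugin's name/value pair, not its real class.
    static final class HeaderPair {
        final String name;
        final String value;
        final boolean maskValue;

        // Assumed from the description: a header is masked unless the caller opts out.
        HeaderPair(String name, String value) {
            this(name, value, true);
        }

        HeaderPair(String name, String value, boolean maskValue) {
            this.name = name;
            this.value = value;
            this.maskValue = maskValue;
        }
    }

    // Name-based rule: Authorization is always hidden, so maskValue=false has no effect on it.
    static String renderByName(HeaderPair h) {
        boolean hide = h.maskValue || "Authorization".equalsIgnoreCase(h.name);
        return h.name + ": " + (hide ? "*****" : h.value);
    }

    // Flag-based rule: only the flag decides, and the flag defaults to true.
    static String renderByFlag(HeaderPair h) {
        return h.name + ": " + (h.maskValue ? "*****" : h.value);
    }

    public static void main(String[] args) {
        List<HeaderPair> headers = List.of(
            new HeaderPair("Authorization", "Bearer constructed-token"),        // flag not given
            new HeaderPair("Authorization", "Bearer constructed-token", false), // explicit opt-out
            new HeaderPair("Accept", "application/json", false));
        for (HeaderPair h : headers) {
            // Left column: name-based rule. Right column: flag-based rule.
            System.out.println(renderByName(h) + "   |   " + renderByFlag(h));
        }
    }
}
```

Under the flag-based rule the credential reaches the build log only on the second line, where the caller explicitly passed `false`; a header created without the flag stays masked.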