feat(request): Add Proxy-Authorization as a sensitive header (#859)
jonathroth authored Jul 18, 2024
1 parent 00f7f6c commit ec57183
Showing 2 changed files with 14 additions and 10 deletions.
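--- a/interfaces.go
+++ b/interfaces.go
@@ -166,10 +166,11 @@ type Request struct {
 }
 
 var sensitiveHeaders = map[string]struct{}{
-"Authorization": {},
-"Cookie": {},
-"X-Forwarded-For": {},
-"X-Real-Ip": {},
+"Authorization": {},
+"Proxy-Authorization": {},
+"Cookie": {},
+"X-Forwarded-For": {},
+"X-Real-Ip": {},
 }
 
 // NewRequest returns a new Sentry Request from the given http.Request.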
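Review bot: `sensitiveHeaders` still carries no comment saying that its keys must be in the form produced by `http.CanonicalHeaderKey`, which every entry follows, including the new `"Proxy-Authorization"` (note `"X-Real-Ip"`, not `X-Real-IP`). The lookup code is outside this hunk, but if it indexes the map with the key as stored in `http.Header`, a later entry written in another casing would never match and that header's value would be reported. I would add above the declaration: `// sensitiveHeaders holds header names, in http.CanonicalHeaderKey form, whose values are treated as sensitive.` The same comment should say that this is a fixed list, so application-specific credential headers are not covered and remain for the caller to scrub.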
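--- a/interfaces_test.go
+++ b/interfaces_test.go
@@ -78,6 +78,7 @@ func TestNewRequest(t *testing.T) {
 const payload = `{"test_data": true}`
 r := httptest.NewRequest("POST", "/test/?q=sentry", strings.NewReader(payload))
 r.Header.Add("Authorization", "Bearer 1234567890")
+r.Header.Add("Proxy-Authorization", "Bearer 123")
 r.Header.Add("Cookie", "foo=bar")
 r.Header.Add("X-Forwarded-For", "127.0.0.1")
 r.Header.Add("X-Real-Ip", "127.0.0.1")
@@ -91,12 +92,13 @@ func TestNewRequest(t *testing.T) {
 QueryString: "q=sentry",
 Cookies: "foo=bar",
 Headers: map[string]string{
-"Authorization": "Bearer 1234567890",
-"Cookie": "foo=bar",
-"Host": "example.com",
-"X-Forwarded-For": "127.0.0.1",
-"X-Real-Ip": "127.0.0.1",
-"Some-Header": "some-header value",
+"Authorization": "Bearer 1234567890",
+"Proxy-Authorization": "Bearer 123",
+"Cookie": "foo=bar",
+"Host": "example.com",
+"X-Forwarded-For": "127.0.0.1",
+"X-Real-Ip": "127.0.0.1",
+"Some-Header": "some-header value",
 },
 Env: map[string]string{
 "REMOTE_ADDR": "192.0.2.1",
@@ -112,6 +114,7 @@ func TestNewRequestWithNoPII(t *testing.T) {
 const payload = `{"test_data": true}`
 r := httptest.NewRequest("POST", "/test/?q=sentry", strings.NewReader(payload))
 r.Header.Add("Authorization", "Bearer 1234567890")
+r.Header.Add("Proxy-Authorization", "Bearer 123")
 r.Header.Add("Cookie", "foo=bar")
 r.Header.Add("X-Forwarded-For", "127.0.0.1")
 r.Header.Add("X-Real-Ip", "127.0.0.1")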
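Review bot: In the `TestNewRequestWithNoPII` hunk the new `Proxy-Authorization` header is only added to the request setup, and the expected value it is compared against lies outside the hunk, so nothing visible here asserts that the header is actually stripped. If that comparison is an exact match on the `Headers` map, the case is covered implicitly. An explicit negative check on `"Proxy-Authorization"` would still document the intent and survive a later move to a looser comparison. At minimum I would annotate the added setup line with `// sensitive: expected to be absent from the resulting Request.Headers`. The test function's body continues past the end of the hunk.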
