Fix to show request headers in Action's Tester UI (segmentio#2067)

* add test destination * add request body * convert req headers to js object * remove test dest * add filtering for sensitive headers
customerio · Jun 4, 2024 · dbec70c · dbec70c
1 parent 5887a12
commit dbec70c
Showing 1 changed file with 34 additions and 2 deletions.
diff --git a/packages/cli/src/lib/summarize-http.ts b/packages/cli/src/lib/summarize-http.ts
@@ -7,7 +7,7 @@ export interface Exchange {
 
 export interface RequestToDestination {
   url: string
-  headers: Headers
+  headers: { [key: string]: string } // JSON.strigify() does not work for request headers
   method: string
   body: unknown
 }
@@ -36,10 +36,42 @@ async function summarizeRequest(response: Response): Promise<RequestToDestinatio
   const request = response.request.clone()
   const data = await request.text()
 
+  // List of headers that may contain sensitive information
+  const sensitiveHeaders = [
+    'authorization',
+    'proxy-authorization',
+    'cookie',
+    'set-cookie',
+    'www-authenticate',
+    'proxy-authenticate',
+    'x-csrf-token',
+    'x-xsrf-token',
+    'x-api-key',
+    'x-client-id',
+    'x-uid',
+    'x-requested-with',
+    'x-forwarded-for',
+    'x-real-ip',
+    'x-amz-security-token',
+    'x-amz-content-sha256',
+    'x-amz-date',
+    'x-amz-user-agent'
+  ]
+
+  // Convert headers to plain JavaScript object and redact sensitive headers
+  const headersObject: { [key: string]: string } = {}
+  request.headers.forEach((value, key) => {
+    if (sensitiveHeaders.includes(key.toLowerCase())) {
+      headersObject[key] = '<redacted>'
+    } else {
+      headersObject[key] = value
+    }
+  })
+
   return {
     url: request.url,
     method: request.method,
-    headers: request.headers,
+    headers: headersObject,
     body: data ?? ''
   }
 }