Merge pull request #11 from codewise/improve-http-logging

Prevent logging sensitive HTTP headers
taboola · Feb 25, 2019 · 75f74e9 · 75f74e9
2 parents ca75c68 + 240b10d
commit 75f74e9
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/pom.xml b/pom.xml
@@ -54,7 +54,7 @@
         <log4j.core.version>2.6.1</log4j.core.version>
         <retrofit.version>2.5.0</retrofit.version>
         <converter.jackson.version>2.3.0</converter.jackson.version>
-        <logging.interceptor.version>3.9.0</logging.interceptor.version>
+        <logging.interceptor.version>3.12.1</logging.interceptor.version>
         <jackson.databind.version>2.9.8</jackson.databind.version>
         <junit.version>4.12</junit.version>
         <mockito.all.version>1.10.19</mockito.all.version>

diff --git a/src/main/java/com/taboola/backstage/internal/CommunicationFactory.java b/src/main/java/com/taboola/backstage/internal/CommunicationFactory.java
@@ -49,6 +49,8 @@ private HttpLoggingInterceptor createLoggingInterceptor(CommunicationConfig conf
         HttpLoggingInterceptor loggingInterceptor = new HttpLoggingInterceptor(new CommunicationInterceptor());
         if(config.isDebug()) {
             loggingInterceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
+            loggingInterceptor.redactHeader("Authorization");
+            loggingInterceptor.redactHeader("Cookie");
         } else {
             loggingInterceptor.setLevel(HttpLoggingInterceptor.Level.BASIC);
         }