From 240b10d3b42a17bc4ac090cde78f5c352a380a22 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Przemys=C5=82aw=20Elias?= <przemyslaw.elias@codewise.com>
Date: Fri, 15 Feb 2019 15:24:34 +0100
Subject: [PATCH] Prevent logging sensitive HTTP headers

---
 pom.xml                                                         | 2 +-
 .../com/taboola/backstage/internal/CommunicationFactory.java    | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 0b13036..c3225b6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -54,7 +54,7 @@
         <log4j.core.version>2.6.1</log4j.core.version>
         <retrofit.version>2.5.0</retrofit.version>
         <converter.jackson.version>2.3.0</converter.jackson.version>
-        <logging.interceptor.version>3.9.0</logging.interceptor.version>
+        <logging.interceptor.version>3.12.1</logging.interceptor.version>
         <jackson.databind.version>2.9.8</jackson.databind.version>
         <junit.version>4.12</junit.version>
         <mockito.all.version>1.10.19</mockito.all.version>
diff --git a/src/main/java/com/taboola/backstage/internal/CommunicationFactory.java b/src/main/java/com/taboola/backstage/internal/CommunicationFactory.java
index 953bbea..453853c 100644
--- a/src/main/java/com/taboola/backstage/internal/CommunicationFactory.java
+++ b/src/main/java/com/taboola/backstage/internal/CommunicationFactory.java
@@ -49,6 +49,8 @@ private HttpLoggingInterceptor createLoggingInterceptor(CommunicationConfig conf
         HttpLoggingInterceptor loggingInterceptor = new HttpLoggingInterceptor(new CommunicationInterceptor());
         if(config.isDebug()) {
             loggingInterceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
+            loggingInterceptor.redactHeader("Authorization");
+            loggingInterceptor.redactHeader("Cookie");
         } else {
             loggingInterceptor.setLevel(HttpLoggingInterceptor.Level.BASIC);
         }