Skip to content

feat(client): redact sensitive headers in thrown exceptions (#290)#665

Open
jsavyasachi wants to merge 1 commit into
dakrone:3.xfrom
jsavyasachi:fix/issue-290-redact-headers
Open

feat(client): redact sensitive headers in thrown exceptions (#290)#665
jsavyasachi wants to merge 1 commit into
dakrone:3.xfrom
jsavyasachi:fix/issue-290-redact-headers

Conversation

@jsavyasachi

@jsavyasachi jsavyasachi commented Jun 21, 2026

Copy link
Copy Markdown
Contributor

Closes #290.

A non-success response throws a slingshot exception whose data carries the full response and the originating request (clj-http attaches it under :request). That request map includes any credential headers - Authorization, Proxy-Authorization - so they land in logs verbatim wherever the exception is printed. Redacting at each log site is error-prone, as the issue notes.

This adds a :redact-headers request option: any header whose lower-cased name is in the set has its value replaced with "REDACTED", in both the response headers and the attached request headers (and in the :throw-entire-message? message string). It defaults to #{"authorization" "proxy-authorization"}, so credentials are kept out of logs by default. Pass your own set to override it, or #{} to disable.

Per the discussion this covers both request and response headers. Tests cover the default, a custom set on response headers, and disabling.

Verified locally: full lein with-profile dev,1.10 test :all green

)

A non-success response throws a slingshot exception whose data carries the
full response and the originating request, including any Authorization (or
other credential) headers. Those values end up in logs verbatim.

Add a :redact-headers request option: any header whose lower-cased name is in
the set has its value replaced with "REDACTED" in both the response and the
attached request headers (and in the :throw-entire-message? message). Defaults
to #{"authorization" "proxy-authorization"} so credentials are kept out of
logs by default; pass a custom set to override, or #{} to disable. Closes dakrone#290.
@jsavyasachi jsavyasachi deleted the fix/issue-290-redact-headers branch June 21, 2026 17:42
@jsavyasachi jsavyasachi restored the fix/issue-290-redact-headers branch June 21, 2026 17:42
@jsavyasachi jsavyasachi reopened this Jun 21, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Provide a way to redact headers in ExceptionInfo

1 participant