Skip to content

Commit

Permalink
[fix] Obfuscate authorization header in debug mode
Browse files Browse the repository at this point in the history 
This has caused many problems, including @dscape being naked and users
accidentally leaking their password.
  • Loading branch information
@mmalecki
mmalecki committed Nov 14, 2012
1 parent 4293e19 commit 2f7fc03
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions lib/jitsu.js
View file
Expand Up @@ -248,6 +248,11 @@ jitsu.setup = function (callback) {
jitsu[k].on('debug::response', debug);
function debug (data) {
if (jitsu.argv.debug || jitsu.config.get('debug')) {
if (data.headers && data.headers['Authorization']) {
data = JSON.parse(JSON.stringify(data));
data.headers['Authorization'] = Array(data.headers['Authorization'].length).join('*');
}

util.inspect(data, false, null, true).split('\n').forEach(jitsu.log.debug);
}
};
Expand Down

0 comments on commit 2f7fc03

Please sign in to comment.