security: provide a way to view reports with plain text authorization masked or removed #457

Open
softprops opened this issue Dec 16, 2024 · 0 comments


@softprops

Is your feature request related to a problem? Please describe.

While getting authorized requests to work with #424, I found that when I generated a report with --format=html, the report showed the authorization metadata in plaintext. This is a secret credential that should never be viewed in plaintext. These reports are useful but make it easy to leak sensitive info sent in request metadata.

Describe the solution you'd like

Provide a configuration option to hide or omit metadata keys from generated reports. These reports should be sharable without also sharing private API credentials.

Describe alternatives you've considered

sed report impl details to exclude authorization header

Additional context
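
One way the requested masking could work, as an added example that is not part of the original issue and not the project's code. The report layout, the `SENSITIVE_KEYS` defaults and all sample values are constructed assumptions. It masks values under sensitive metadata keys (compared case-insensitively) and credentials embedded in serialized strings, before the report is rendered.

```python
import json
import re

# Hypothetical defaults: metadata keys treated as secrets (case-insensitive).
SENSITIVE_KEYS = {"authorization", "proxy-authorization", "cookie", "x-api-key"}
MASK = "***REDACTED***"

# Catches credentials embedded in free text, e.g. metadata that was
# serialized into a single string before being written to the report.
_SCHEME_RE = re.compile(r"\b(Bearer|Basic)\s+[A-Za-z0-9._~+/=-]+", re.IGNORECASE)


def redact(node, sensitive=SENSITIVE_KEYS, mask=MASK):
    """Return a copy of `node` with secret-bearing values masked."""
    keys = {k.lower() for k in sensitive}
    if isinstance(node, dict):
        out = {}
        for k, v in node.items():
            if isinstance(k, str) and k.lower() in keys:
                out[k] = mask  # mask the whole value, whatever its type
            else:
                out[k] = redact(v, keys, mask)
        return out
    if isinstance(node, list):
        return [redact(v, keys, mask) for v in node]
    if isinstance(node, str):
        # Keep the scheme name so the report still shows auth was sent.
        return _SCHEME_RE.sub(lambda m: f"{m.group(1)} {mask}", node)
    return node


def to_shareable_json(report):
    """Serialize the redacted copy; the caller's report is left untouched."""
    return json.dumps(redact(report), indent=2)


# Constructed sample report; the real report schema may differ.
SAMPLE_REPORT = {
    "name": "constructed run",
    "options": {
        "metadata": {"Authorization": "Bearer abc.def.ghi", "x-trace": "1"},
        "raw_metadata": '{"authorization": "Bearer abc.def.ghi"}',
    },
    "details": [{"latency_ms": 12, "status": "OK"}],
}

if __name__ == "__main__":
    print(to_shareable_json(SAMPLE_REPORT))
```

Redacting the data before rendering covers every output format at once, whereas a `sed` pass over the finished HTML depends on the exact markup.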
