From 75fce91353c02cd498f27d21b08261c23ea03d70 Mon Sep 17 00:00:00 2001
From: ThetaDev
Date: Thu, 26 Dec 2024 01:14:38 +0100
Subject: [PATCH] fix: dont leak authorization and cookie header in reports

---
 src/client/mod.rs | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/client/mod.rs b/src/client/mod.rs
index 2fec2a1..82f0514 100644
--- a/src/client/mod.rs
+++ b/src/client/mod.rs
@@ -1944,8 +1944,14 @@ impl RustyPipeQuery {
 request
 .headers()
 .iter()
+ .filter(|(k, _)| k != &header::COOKIE)
 .map(|(k, v)| {
- (k.as_str(), v.to_str().unwrap_or_default().to_owned())
+ let vstr = if k == header::AUTHORIZATION {
+ "[redacted]"
+ } else {
+ v.to_str().unwrap_or_default()
+ };
+ (k.as_str(), vstr.to_owned())
 })
 .collect(),
 ),
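Review bot: The redaction in the `.filter`/`.map` chain is a two-entry denylist, so any other credential-bearing request header still reaches the report verbatim; `Proxy-Authorization` is the obvious standard one, and any custom token or session header this client sets elsewhere (not visible in this hunk) would need the same treatment. A small extension is `let vstr = if k == header::AUTHORIZATION || k == header::PROXY_AUTHORIZATION {`, though an allowlist of headers known to be safe to report would fail closed when a new header is added. Dropping `Cookie` while only redacting `Authorization` also means a report no longer shows whether the request carried cookies at all; redacting both would keep that triage signal without the value. The request URL and body are serialized outside this hunk, so it is worth confirming they carry no tokens, and a unit test asserting that a report built from a request with both headers contains neither value would guard against regression. The enclosing method starts and ends outside the hunk.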