blackteay/gin
3
0
Fork 0
mirror of https://github.com/gin-gonic/gin.git synced 2026-04-29 23:23:18 +08:00
Code Issues Projects Releases Wiki Activity

fix: sanitize Proxy-Authorization header in recovery panic logs

Browse Source 
secureRequestDump only masks the Authorization header but not
Proxy-Authorization, which also carries credentials (used by gin's
own BasicAuthForProxy middleware). When a panic occurs behind proxy
auth, credentials are logged in plaintext.
This commit is contained in:
barry3406 2026-04-09 06:10:47 -07:00
parent cf3be80b0e
commit 08e51b48be
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
recovery.go
View File

@ -99,8 +99,8 @@ func secureRequestDump(r *http.Request) string {
httpRequest, _ := httputil.DumpRequest(r, false) httpRequest, _ := httputil.DumpRequest(r, false)
lines := strings.Split(bytesconv.BytesToString(httpRequest), "\r\n") lines := strings.Split(bytesconv.BytesToString(httpRequest), "\r\n")
for i, line := range lines { for i, line := range lines {
if strings.HasPrefix(line, "Authorization:") { if strings.HasPrefix(line, "Authorization:") || strings.HasPrefix(line, "Proxy-Authorization:") {
lines[i] = "Authorization: *" lines[i] = strings.SplitN(line, ":", 2)[0] + ": *"
} }
} }
return strings.Join(lines, "\r\n") return strings.Join(lines, "\r\n")