-
-
Notifications
You must be signed in to change notification settings - Fork 1.4k
Full URL displayed in debug logs #2971
Copy link
Copy link
Closed
Labels
E-easyEffort: Easy! Start here :DEffort: Easy! Start here :DE-pr-welcomeThe feature is welcome to be added, instruction should be found in the issue.The feature is welcome to be added, instruction should be found in the issue.
Description
Metadata
Metadata
Assignees
Labels
E-easyEffort: Easy! Start here :DEffort: Easy! Start here :DE-pr-welcomeThe feature is welcome to be added, instruction should be found in the issue.The feature is welcome to be added, instruction should be found in the issue.
API providers should follow best practices and support authentication schemes that don't put secrets in the URL; however, the reality is sometimes you need to use an api that doesn't support this. Reqwest already has some nice functionality for stripping urls from error messages, but in a few other places the URL is logged from reqwest in a debug log so the consumer of the dependency can't strip the URLs or suppress the log at compile time AFAICT.
Perhaps I'm missing a config or code path that can avoid these debug logs?
reqwest/src/connect.rs
Line 784 in fa74a8b
reqwest/src/connect.rs
Line 929 in fa74a8b
It'd be amazing to be able to configure a map, so we can set safe display values for each url to be used across all logging, or simply allow setting a config to ensure URLs don't leak in logs.