diff --git a/lib/filters/http-headers.js b/lib/filters/http-headers.js
index 024c402b02..7e0a14c9a3 100644
--- a/lib/filters/http-headers.js
+++ b/lib/filters/http-headers.js
@@ -9,10 +9,16 @@ const SetCookie = require('set-cookie-serde')
 module.exports = httpHeaders
 function httpHeaders (obj) {
- const headers = obj.context && obj.context.request && obj.context.request.headers
+ const requestHeaders = obj.context && obj.context.request && obj.context.request.headers
+ const responseHeaders = obj.context && obj.context.response && obj.context.response.headers
- if (!headers) return obj
+ if (requestHeaders) filterSensitiveHeaders(requestHeaders)
+ if (responseHeaders) filterSensitiveHeaders(responseHeaders)
+ return obj
+}
+
+function filterSensitiveHeaders (headers) {
 for (const key in headers) {
 switch (key.toLowerCase()) {
 case 'authorization':
@@ -41,8 +47,6 @@ function httpHeaders (obj) {
 break
 }
 }
-
- return obj
 }
 function stringify (value) {
diff --git a/test/filters.js b/test/filters.js
index 2ff1157a67..08612c5ed2 100644
--- a/test/filters.js
+++ b/test/filters.js
@@ -10,17 +10,26 @@ function makeTransactionWithHeaders (headers) {
 context: {
 request: {
 headers
+ },
+ response: {
+ headers
 }
 }
 }
 }
-function getHeaders (result) {
+function getRequestHeaders (result) {
 try {
 return result.context.request.headers
 } catch (err) {}
 }
+function getResponseHeaders (result) {
+ try {
+ return result.context.response.headers
+ } catch (err) {}
+}
+
 test('set-cookie', function (t) {
 const filters = new Filters()
@@ -35,7 +44,14 @@ test('set-cookie', function (t) {
 })
 )
- t.deepEqual(getHeaders(result), {
+ t.deepEqual(getRequestHeaders(result), {
+ 'set-cookie': [
+ 'password=%5BREDACTED%5D',
+ 'card=%5BREDACTED%5D; Secure'
+ ]
+ })
+
+ t.deepEqual(getResponseHeaders(result), {
 'set-cookie': [
 'password=%5BREDACTED%5D',
 'card=%5BREDACTED%5D; Secure'
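Review bot: `filterSensitiveHeaders` is introduced in the first hunk of lib/filters/http-headers.js without any documentation, and its contract matters now that it runs on two header objects: it appears to redact in place (it returns nothing and `httpHeaders` hands back the same `obj`), and the `for (const key in headers)` / `key.toLowerCase()` loop matches header names case-insensitively. A short JSDoc above the function would make that explicit, e.g. `/** Redacts sensitive headers on the given map in place; header-name matching is case-insensitive. @param {Object} headers - request or response headers */`. Whether the redaction is idempotent when one headers object is reachable from both `request` and `response` is not visible here and is worth confirming, since the function now runs twice on such an object. The body of `filterSensitiveHeaders` continues outside the hunk.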
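Review bot: `makeTransactionWithHeaders` now places the same `headers` object under both `request` and `response` (shorthand property twice), so the new `getResponseHeaders` assertion in the later hunk of test/filters.js cannot fail independently of the request one: if the filter touched only the request headers, the shared object would still look redacted when read back through `result.context.response.headers`. Give the response its own copy so both code paths are exercised separately, e.g. `response: { headers: JSON.parse(JSON.stringify(headers)) }`, which is lossless assuming the fixture holds only strings and arrays of strings. The two accessor helpers also swallow every error in an empty `catch (err) {}`; a one-line comment such as `// returns undefined when the path is absent` would at least record that this is intentional. The `test('set-cookie', …)` callback continues outside the hunk.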