76e588b688
When the user uses OAuth for accessing Gerrit, the query parameters contain an access token. This token is used for authenticating the user with Gerrit. It should never be logged, as a logged token could be used to impersonate the user when sending requests to Gerrit. Previously, we already redacted the access token from Jetty logs; now we move this logic to RestApiServlet to redact it in other environments as well. We'll leave it in the Jetty logger for now as the filtering is cheap and there might be other logging sources besides RestApiServlet.

Change-Id: Id7c207f697f53f319ff9f959754a95a3f5f92409
- plugins
- raw
- restapi
- AllRequestFilterFilterProxyTest.java
- BUILD
- RemoteUserUtilTest.java