Merge "Omit X-Subject-Token from log"
This commit is contained in:
commit
f27b677d22
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
security:
|
||||
- |
|
||||
The x-subject-token of a response header is ommitted from log,
|
||||
but clients specify the same token on a request header on
|
||||
Keystone API and that was not omitted. In this release,
|
||||
that has been omitted for a security reason.
|
|
@ -416,6 +416,8 @@ class RestClient(object):
|
|||
resp_body=None, extra=None):
|
||||
if 'X-Auth-Token' in req_headers:
|
||||
req_headers['X-Auth-Token'] = '<omitted>'
|
||||
if 'X-Subject-Token' in req_headers:
|
||||
req_headers['X-Subject-Token'] = '<omitted>'
|
||||
# A shallow copy is sufficient
|
||||
resp_log = resp.copy()
|
||||
if 'x-subject-token' in resp_log:
|
||||
|
|
Loading…
Reference in New Issue