
Headers are not sanitized #375

Closed
StefanMich opened this issue Dec 2, 2019 · 3 comments

Comments

@StefanMich
Contributor

I am using silk in a project with a tastypie api, and when using apikey or basic auth these are sent as the request header 'Authorization'. These headers are stored in silk, which is a security risk.

@StefanMich
Contributor Author

Implemented it with a hardcoded list, to be consistent with how bodies are masked.
It might be better to implement it as a setting so any header can be masked. I am happy to do that change if anyone finds that to be better.
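One way to implement the hardcoded-list approach described in this comment, as an added example that is not django-silk's own code: the header list, mask string and helper names are assumptions, and the second helper goes a step further by flagging already-stored records whose values still look like raw credentials.

```python
"""Mask sensitive request headers before they are persisted.

Added example, not django-silk's own code. It mirrors the approach in the
comment above: a hardcoded list of header names whose values are replaced
before storage, the same way request bodies are masked.
"""
from typing import Mapping

# Assumption: this list is the example's own; the project's list may differ.
SENSITIVE_HEADERS = ("authorization", "proxy-authorization", "cookie", "x-api-key")
MASK = "*" * 8

# Value prefixes that indicate a raw credential was stored unmasked.
CREDENTIAL_PREFIXES = ("basic ", "bearer ", "apikey ", "digest ")


def _normalise(name: str) -> str:
    """Map both 'Authorization' and Django's META key 'HTTP_AUTHORIZATION'
    to 'authorization', since HTTP header names are case-insensitive."""
    key = name.lower().replace("_", "-")
    return key[5:] if key.startswith("http-") else key


def mask_sensitive_headers(headers: Mapping[str, str]) -> dict:
    """Return a copy of headers with sensitive values replaced by MASK.

    Original key spelling is preserved so the stored record still shows
    which headers were present, only their values are hidden.
    """
    return {
        name: MASK if _normalise(name) in SENSITIVE_HEADERS else value
        for name, value in headers.items()
    }


def find_unmasked_credentials(headers: Mapping[str, str]) -> list:
    """Names of headers whose values still look like raw credentials.

    Useful when auditing records stored before masking was in place.
    """
    return sorted(
        name for name, value in headers.items()
        if value.lower().startswith(CREDENTIAL_PREFIXES)
    )


if __name__ == "__main__":
    # Constructed sample request headers; the token is not a real credential.
    sample = {"HTTP_AUTHORIZATION": "ApiKey alice:s3cr3t", "Accept": "text/html"}
    print(mask_sensitive_headers(sample))
    print(find_unmasked_credentials(sample))
```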

@nasirhjafri
Member

Added in release 4.0.0 (#384)

@chidg

chidg commented Jan 14, 2020

Great that you've done this @StefanMich and that @nasirhjafri has merged it; however, is it possible to have it also merged into a maintained 3.x version? Silk 4.0 does not support Django <2.2, which means Django 1.11, which is currently still a supported LTS release, doesn't have access to this important security fix.
