From dc9821fea3993d6a62ff8470204633756c052801 Mon Sep 17 00:00:00 2001
From: "Taro L. Saito" <leo@xerial.org>
Date: Tue, 4 Mar 2025 23:23:09 -0800
Subject: [PATCH] http (feature): Exclude X-XSRF-Token, X-Auth-Token from http
 logs by default (#3858)

---
 .../src/main/scala/wvlet/airframe/http/HttpLogger.scala     | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/airframe-http/src/main/scala/wvlet/airframe/http/HttpLogger.scala b/airframe-http/src/main/scala/wvlet/airframe/http/HttpLogger.scala
index 4603e3c29..5aa03f47b 100644
--- a/airframe-http/src/main/scala/wvlet/airframe/http/HttpLogger.scala
+++ b/airframe-http/src/main/scala/wvlet/airframe/http/HttpLogger.scala
@@ -103,7 +103,11 @@ object HttpLogger extends LogSupport {
   def defaultExcludeHeaders: Set[String] = Set(
     HttpHeader.Authorization,
     HttpHeader.ProxyAuthorization,
-    HttpHeader.Cookie
+    HttpHeader.Cookie,
+    HttpHeader.SetCookie,
+    HttpHeader.SetCookie2,
+    "X-XSRF-Token",
+    "X-Auth-Token"
   )
 
   def emptyLogger(inputConfig: HttpLoggerConfig): HttpLogger = new HttpLogger {