Skip to content

Comments

honor maskValue flag for Authorization header#53

Open
njZhuMin wants to merge 1 commit intojenkinsci:masterfrom
njZhuMin:enhancement/honor_maskValue_for_Authorization_header
Open

honor maskValue flag for Authorization header#53
njZhuMin wants to merge 1 commit intojenkinsci:masterfrom
njZhuMin:enhancement/honor_maskValue_for_Authorization_header

Conversation

@njZhuMin
Copy link

@njZhuMin njZhuMin commented Jan 8, 2021

Hi @oleg-nenashev ,

I was trying to debug a request in Jenkins, set maskValue: false for Authorization header and found it didn't honor this flag.
I understand this change was by #22 and for case some security concerns (https://issues.jenkins.io/browse/JENKINS-39744).

I would like to propose an enhancement here which both respects maskValueflag and also masks Authorization header by default.

So I set default maskValue = true in HttpRequestNameValuePair.java constructor. In this case, when user passes maskValue: false in Authorization header, it can be honored correctly.

Please correct me if I missed something or you have further security concerns about this change.

Thanks for your great job done here!

Best regards,
Kevin

@oleg-nenashev oleg-nenashev self-requested a review April 23, 2021 19:53
@oleg-nenashev
Copy link
Member

oleg-nenashev commented Apr 23, 2021

Sorry, I missed the GitHub update. Was mostly off in Jan-Feb due to health issues. Added to my review queue

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@oleg-nenashev oleg-nenashev Awaiting requested review from oleg-nenashev

@Wadeck Wadeck Awaiting requested review from Wadeck

@daniel-beck daniel-beck Awaiting requested review from daniel-beck

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@njZhuMin @oleg-nenashev