Description
During an unrelated PR on the runtime repo, there was some discussion about `HeaderField.redactedHeaderFields` and whether it's something we should keep:
Original discussion here: https://github.com/apple/swift-openapi-runtime/pull/22/files#r1259948110
My 2¢ is that this is just a datatype and that overriding `CustomStringConvertible` to redact certain headers is a bit of a layering violation.
My concern is that by providing this functionality implicitly, we also imply that it's safe by default, but in reality it's best-effort at best, using a few "well-known" headers.
For folks running production servers I would imagine they'd have policies around logging the headers anyway, for this reason, and we can accomplish the same functionality with a middleware, with explicit API.
If we think this is important enough to do at the `CustomStringConvertible` layer, then I think I'd prefer adopters provide the keys they want redacting explicitly in the configuration.
//cc @czechboy0 and @FranzBusch who were on the linked discussion thread.
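
The middleware approach with an explicit, adopter-supplied list of header names, as an added example that is not part of the original issue or of swift-openapi-runtime. `Header`, `HeaderRedactionPolicy`, `HeaderLoggingMiddleware`, both name lists and the sample values are hypothetical and constructed for illustration.

```swift
// Added example: these types are hypothetical, not swift-openapi-runtime API.
struct Header { var name: String; var value: String }

/// Redaction policy the adopter supplies explicitly; nothing is redacted implicitly.
struct HeaderRedactionPolicy {
    private let redactedNames: Set<String>

    init(redacting names: [String]) {
        // HTTP header field names are case-insensitive, so compare lowercased.
        redactedNames = Set(names.map { $0.lowercased() })
    }

    /// Returns a copy that is safe to log; the input is left untouched.
    func redacted(_ headers: [Header]) -> [Header] {
        headers.map { header in
            redactedNames.contains(header.name.lowercased())
                ? Header(name: header.name, value: "<redacted>")
                : header
        }
    }
}

/// Stand-in for a logging middleware: logs the redacted copy, forwards the originals.
struct HeaderLoggingMiddleware {
    let policy: HeaderRedactionPolicy
    let log: (String) -> Void

    func intercept(_ headers: [Header], next: ([Header]) -> Void) {
        let line = policy.redacted(headers)
            .map { "\($0.name): \($0.value)" }
            .joined(separator: ", ")
        log(line)
        next(headers)
    }
}

// Constructed sample request headers and values.
let sample = [
    Header(name: "Authorization", value: "Bearer example-token"),
    Header(name: "X-Api-Key", value: "example-key"),
    Header(name: "Accept", value: "application/json"),
]
// A constructed "well-known names" list, then a list an adopter chose for their own API.
let wellKnownOnly = HeaderRedactionPolicy(redacting: ["authorization", "cookie", "set-cookie"])
let adopterPolicy = HeaderRedactionPolicy(redacting: ["Authorization", "Cookie", "X-Api-Key"])

for policy in [wellKnownOnly, adopterPolicy] {
    HeaderLoggingMiddleware(policy: policy, log: { print($0) }).intercept(sample) { _ in }
}
```

Run as a script, the first policy logs the `X-Api-Key` value in clear and the second redacts it; the headers passed on to `next` are unchanged in both cases.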