Skip to content

Remove automatic redaction of header fields #113

Closed
apple/swift-openapi-runtime
#43
@simonjbeaumont

Description

@simonjbeaumont

During an unrelated PR on the runtime repo, there was some discussion about HeaderField.redactedHeaderFields and whether it's something we should keep:

Original discussion here: https://github.com/apple/swift-openapi-runtime/pull/22/files#r1259948110

My 2¢ is that this is just a datatype and that overriding CustomStringConvertible to redact certain headers is a bit of a layering violation.

My concern is that by providing this functionality implicitly, we also imply that it's safe by default, but in reality it's best-effort at best, using a few "well-known" headers.

For folks running production servers I would imagine they'd have policies around logging the headers anyway, for this reason, and we can accomplish the same functionality with a middleware, with explicit API.

If we think this is important enough to do at the CustomStringConvertible layer, then I think I'd prefer adopters provide the keys they want redacting explicitly in the configuration.

//cc @czechboy0 and @FranzBusch who were on the linked discussion thread.

Metadata

Metadata

Assignees

Labels

area/runtimeAffects: the runtime library.size/SSmall task. (A couple of hours of work.)

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions