Bug 1470034 - Remove x-client-state and hawk auth header trace logs.
MozReview-Commit-ID: GJeLlJ3HajP
--- a/services/common/hawkrequest.js
+++ b/services/common/hawkrequest.js
@@ -76,17 +76,16 @@ HAWKAuthenticatedRESTRequest.prototype =
now: this.now,
localtimeOffsetMsec: this.localtimeOffsetMsec,
credentials: this.credentials,
payload: data && JSON.stringify(data) || "",
contentType,
};
let header = CryptoUtils.computeHAWK(this.uri, method, options);
this.setHeader("Authorization", header.field);
- this._log.trace("hawk auth header: " + header.field);
}
for (let header in this.extraHeaders) {
this.setHeader(header, this.extraHeaders[header]);
}
this.setHeader("Content-Type", contentType);
--- a/services/common/rest.js
+++ b/services/common/rest.js
@@ -262,17 +262,17 @@ RESTRequest.prototype = {
this.channel = channel;
channel.loadFlags |= this.loadFlags;
channel.notificationCallbacks = this;
this._log.debug(`${method} request to ${this.uri.spec}`);
// Set request headers.
let headers = this._headers;
for (let key in headers) {
- if (key == "authorization") {
+ if (key == "authorization" || key == "x-client-state") {
this._log.trace("HTTP Header " + key + ": ***** (suppressed)");
} else {
this._log.trace("HTTP Header " + key + ": " + headers[key]);
}
channel.setRequestHeader(key, headers[key], false);
}
// REST requests accept JSON by default
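Review bot: The suppression check `if (key == "authorization" || key == "x-client-state")` is a hand-maintained denylist, and the same list is repeated in the services/sync/modules/resource.js hunk, so the next sensitive header has to be added in two places. A shared constant such as `const SUPPRESSED_LOG_HEADERS = new Set(["authorization", "x-client-state"]);`, tested with `SUPPRESSED_LOG_HEADERS.has(key)`, would keep both loggers in step. The comparison is also an exact lowercase match, which is only safe if header names are lowercased before they are stored in `this._headers`. That is not visible in this hunk, so either confirm it or compare `key.toLowerCase()`. The enclosing function starts and ends outside the hunk.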
@@ -431,26 +431,27 @@ RESTRequest.prototype = {
// Throw the failure code and stop execution. Use Components.Exception()
// instead of Error() so the exception is QI-able and can be passed across
// XPCOM borders while preserving the status code.
if (!statusSuccess) {
let message = Components.Exception("", statusCode).name;
let error = Components.Exception(message, statusCode);
this._log.debug(this.method + " " + uri + " failed: " + statusCode + " - " + message);
+ // Additionally give the full response body when Trace logging.
+ if (this._log.level <= Log.Level.Trace) {
+ this._log.trace(this.method + " body", this.response.body);
+ }
this._deferred.reject(error);
return;
}
this._log.debug(this.method + " " + uri + " " + this.response.status);
- // Additionally give the full response body when Trace logging.
- if (this._log.level <= Log.Level.Trace) {
- this._log.trace(this.method + " body", this.response.body);
- }
+ // Note that for privacy/security reasons we don't log this response body
delete this._inputStream;
this._deferred.resolve(this.response);
},
onDataAvailable(channel, cb, stream, off, count) {
// We get an nsIRequest, which doesn't have contentCharset.
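Review bot: The failure branch still writes the complete response body to the trace log via `this._log.trace(this.method + " body", this.response.body);`, and the new success-path comment does not explain why error bodies are treated differently. If error responses from these services can echo account or token-related details (not determinable from this hunk), that data would still end up in trace logs. A comment on the moved block such as `// Error bodies are logged at Trace level to aid debugging; they are assumed not to contain credentials or keys.` would record the assumption. The success-path comment could be made explicit as `// For privacy/security reasons the success response body is never logged, even at Trace level.` The enclosing function starts outside the hunk.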
--- a/services/sync/modules/resource.js
+++ b/services/sync/modules/resource.js
@@ -112,17 +112,17 @@ Resource.prototype = {
// PUT and POST are treated differently because they have payload data.
if (("PUT" == method || "POST" == method) && !headers.has("content-type")) {
headers.append("content-type", "text/plain");
}
if (this._log.level <= Log.Level.Trace) {
for (const [k, v] of headers) {
- if (k == "authorization") {
+ if (k == "authorization" || k == "x-client-state") {
this._log.trace(`HTTP Header ${k}: ***** (suppressed)`);
} else {
this._log.trace(`HTTP Header ${k}: ${v}`);
}
}
}
if (!headers.has("accept")) {