Observation
I'm setting bugsnag.setFilters("Authorization"); so that I can filter out a sensitive header.
When using cURL -u username:password, I noticed the 'authorization' header was still present in the BugSnag dashboard. HTTP headers are case insensitive and a server has no control over how a client will case the header names. I could filter both, but that would be plain silly: bugsnag.setFilters("authorization", "Authorization").
Expected Result
Update the Java SDK at the mentioned line below to compare the strings in a case insensitive way.
Side note: This same line below has an undocumented and undesired behaviour since it's written as if(key.contains(filter)). If I filter on name, it will also filter name1 and username. This is not desirable, especially since it's undocumented, but also because it forces developers to rename variables to avoid filter clashes.
Source of the Issue
if (key.contains(filter)) {
bugsnag-java/bugsnag/src/main/java/com/bugsnag/util/FilteredMap.java
Line 116 in 5248de5
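The two behaviours reported above can be reproduced side by side. This is an added example, not code from the issue or from the bugsnag-java SDK: the class `FilterMatchDemo`, the `redact` helper, the `[FILTERED]` placeholder and the sample map are all assumptions made for illustration, and only the `key.contains(filter)` test is taken from the issue.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.function.BiPredicate;

public class FilterMatchDemo {
    // Matching as quoted in the issue: case-sensitive substring test.
    static final BiPredicate<String, String> SUBSTRING =
            (key, filter) -> key.contains(filter);

    // Behaviour the issue asks for: whole-key comparison, ignoring case.
    static final BiPredicate<String, String> EXACT_IGNORE_CASE =
            (key, filter) -> key.equalsIgnoreCase(filter);

    // Hypothetical helper (not the SDK's FilteredMap): returns a copy of the map
    // in which the value of every key matched by any filter is replaced.
    static Map<String, String> redact(Map<String, String> in, List<String> filters,
                                      BiPredicate<String, String> matcher) {
        Map<String, String> out = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : in.entrySet()) {
            boolean hit = filters.stream().anyMatch(f -> matcher.test(e.getKey(), f));
            out.put(e.getKey(), hit ? "[FILTERED]" : e.getValue());
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample data: the same header in two casings, plus two
        // unrelated keys that merely contain the filter word "name".
        Map<String, String> data = new LinkedHashMap<>();
        data.put("authorization", "Basic dXNlcm5hbWU6cGFzc3dvcmQ=");
        data.put("Authorization", "Basic dXNlcm5hbWU6cGFzc3dvcmQ=");
        data.put("username", "alice");
        data.put("name1", "example");

        List<String> filters = Arrays.asList("Authorization", "name");

        // Lower-case header leaks; username and name1 are redacted as a side effect.
        System.out.println("substring, case-sensitive: " + redact(data, filters, SUBSTRING));
        // Both header casings are redacted; username and name1 are left alone.
        System.out.println("exact, case-insensitive:   " + redact(data, filters, EXACT_IGNORE_CASE));
    }
}
```

A check like this is worth keeping as a regression test around any redaction layer, with the sensitive header sent in lower, upper and mixed case.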