Remove cookies from logging output

HTTP cookies are shared across all ports on a host. The log might contain session ids or CSRF tokens from other applications on the same host.
2017-08-14 18:16:46 +02:00 · 2017-08-14 18:16:46 +02:00 · a73a7ab193
commit a73a7ab193
parent f87c16a42b
1 changed files with 2 additions and 0 deletions
--- a/radicale/init.py
+++ b/radicale/init.py
@ -250,6 +250,8 @@ class Application:
        authorization = request_environ.get("HTTP_AUTHORIZATION", "")
        if mask_passwords and authorization.startswith("Basic"):
            request_environ["HTTP_AUTHORIZATION"] = "Basic **masked**"
+        if request_environ.get("HTTP_COOKIE"):
+            request_environ["HTTP_COOKIE"] = "**masked**"

        return request_environ