Sometimes authentication information is sent over HTTP through cookies,
but when using GIT_TRACE_CURL, that information appears in logs. There
are some HTTP headers already redacted ("Authorization:" and
"Proxy-Authorization:") - the first patch extends such redaction to a
user-specified list.
I've also included another patch to allow omission of data transmission
information from being logged when using GIT_TRACE_CURL. This reduces
the information logged to that similar to GIT_CURL_VERBOSE.
(As for why not use GIT_CURL_VERBOSE instead - that is because
GIT_CURL_VERBOSE does not perform any redaction, merely using Curl's
default logging mechanism.)
The patches are ready for merging, but I marked this as "RFC" just in
case there is a better way to accomplish this.
Jonathan Tan (2):
http: support cookie redaction when tracing
http: support omitting data from traces
http.c | 82 ++++++++++++++++++++++++++++++++++++++++-----
t/t5551-http-fetch-smart.sh | 24 +++++++++++++
2 files changed, 98 insertions(+), 8 deletions(-)
--
2.16.0.rc1.238.g530d649a79-goog
