Thanks everyone. I went ahead with GIT_REDACT_AUTHORIZATION to match
GIT_REDACT_COOKIES, with the default being true (i.e. you need to set it
to "0" to have behavior change).
An alternative is to name it as non-authorization-specific, e.g.
GIT_TRACE_REDACT, as suggested by others. But as far as I can tell, we
currently only redact auth (by default) and cookies (opt-in, since we
need the user to tell us exactly which cookies to redact), so it seems
better to me to have auth redaction be a peer to cookie redaction,
rather than being controlled by a flag that controls everything.
Jonathan Tan (3):
t5551: test that GIT_TRACE_CURL redacts password
http: make GIT_TRACE_CURL auth redaction optional
http, imap-send: stop using CURLOPT_VERBOSE
Documentation/git.txt | 8 +++++--
http.c | 19 ++++++++++++---
http.h | 7 ++++++
imap-send.c | 2 +-
t/t5551-http-fetch-smart.sh | 46 ++++++++++++++++++++++++++++++++++++
t/t5581-http-curl-verbose.sh | 2 +-
trace.c | 20 ++++++++++++----
trace.h | 6 +++++
8 files changed, 99 insertions(+), 11 deletions(-)
Range-diff against v1:
-: ---------- > 1: 8c70a45b24 http: make GIT_TRACE_CURL auth redaction optional
1: 1df9e9deb7 ! 2: f5a29e8fa1 http, imap-send: stop using CURLOPT_VERBOSE
@@ imap-send.c: static CURL *setup_curl(struct imap_server_conf *srvc, struct crede
return curl;
## t/t5551-http-fetch-smart.sh ##
-@@ t/t5551-http-fetch-smart.sh: test_expect_success 'GIT_TRACE_CURL redacts auth details' '
- grep "Authorization: Basic <redacted>" trace
+@@ t/t5551-http-fetch-smart.sh: test_expect_success 'GIT_TRACE_CURL does not redact auth details if GIT_REDACT_A
+ grep "Authorization: Basic [0-9a-zA-Z+/]" trace
'
+test_expect_success 'GIT_CURL_VERBOSE redacts auth details' '
--
2.26.2.645.ge9eca65c58-goog
