Conversation
When publishing headertrace behind an API Gateway some HTTP Headers ment for internal usage are added during the HTTP request routing. Those headers can reveal sensitive detail of the internal infrastructure. While revealing those headers is part of the goal of headertrace, returning them to each client request could pose security issues. This commit adds an option to redact known sensitive headers and another one to allow dropping custom headers. When dropped, the headers are logged at the debug level. Fixes #1 Signed-off-by: Francesco Giudici <dev@foggy.day>
There was a problem hiding this comment.
Pull request overview
This PR adds configurable header redaction to headertrace so it can be safely exposed behind API gateways/CDNs without echoing potentially sensitive infrastructure headers back to clients (Fixes #1).
Changes:
- Extend
hdrs.ToMapto support dropping an explicit list of headers and an optional “privacy mode” that removes Cloudflare +X-Forwarded-*headers. - Add CLI flags
-P/--privacyand-D/--drop-headerand wire them through the server handler. - Log dropped headers at debug level for troubleshooting.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| pkg/headers/headers.go | Adds drop-header filtering + privacy-mode filtering when converting http.Header to a map. |
| cmd/cmd.go | Introduces new CLI flags and passes them into request header echoing. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Spotted by Copilot Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Francesco Giudici <fgiudici@foggy.day>
Also add general description and binary version to the help. Signed-off-by: Francesco Giudici <dev@foggy.day>
Signed-off-by: Francesco Giudici <dev@foggy.day>
Signed-off-by: Francesco Giudici <dev@foggy.day>
Signed-off-by: Francesco Giudici <dev@foggy.day>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When publishing
headertracebehind an API Gateway some HTTP Headers meant for internal usage are added during the HTTP request routing. Those headers can reveal sensitive details of the internal infrastructure.While revealing those headers is exactly the goal of
headertrace, returning them to each client request could pose security issues if the HTTP endpoint is widely reachable.This PR adds a boolean option to redact known sensitive headers ('-P' to enable privacy mode) and another one ('-D`) to allow dropping custom headers.
When dropped, the headers are logged (at the debug level) to still allow inspecting and debugging HTTP headers transformations.
Fixes #1