pixeldin commented on code in PR #8206:
URL: https://github.com/apache/apisix/pull/8206#discussion_r1008968203
##########
apisix/plugins/jwt-auth.lua:
##########
@@ -407,6 +434,27 @@ function _M.rewrite(conf, ctx)
return 401, {message = "failed to verify jwt"}
end
+ -- check for hiding `Authorization` request header if `hide_credentials`
is `true`
+ if conf.hide_credentials then
+ -- hide sensitive field
+ if from_header then
+ -- hide for header
+ local temp_token = core.request.header(ctx, conf.header)
+ core.request.set_header(ctx, conf.header, nil)
+
+
Review Comment:
Thx for your advice, I will cover it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
