pixeldin commented on code in PR #8206:
URL: https://github.com/apache/apisix/pull/8206#discussion_r1010472303


##########
apisix/plugins/jwt-auth.lua:
##########
@@ -407,6 +434,25 @@ function _M.rewrite(conf, ctx)
         return 401, {message = "failed to verify jwt"}
     end
 
+    -- check for hiding `Authorization` request header if `hide_credentials` 
is `true`
+    if conf.hide_credentials then
+        -- hide sensitive field
+        if from_header then
+            -- hide for header
+            core.request.set_header(ctx, conf.header, nil)
+
+        elseif from_query then
+            -- hide for query
+            local args = core.request.get_uri_args(ctx)
+            args[conf.query] = nil
+            core.request.set_uri_args(ctx, args)
+
+        else
+            -- hide for cookie
+            set_our_cookie(conf.cookie, "deleted; Max-Age=0")
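
Review bot: The cookie branch does not appear to hide the credential the way the header and query branches do. Those two strip the token from the request itself (`core.request.set_header(ctx, conf.header, nil)` and `core.request.set_uri_args(ctx, args)`), while `set_our_cookie(conf.cookie, "deleted; Max-Age=0")` passes a value containing `Max-Age=0`, which is a `Set-Cookie` response attribute. If `set_our_cookie` writes a `Set-Cookie` header, the upstream would still receive the JWT in the request's `Cookie` header, and the client would be told to expire its token cookie after every authenticated request. Consider removing only the `conf.cookie` entry from the request `Cookie` header and leaving the client's cookie untouched, and add a test asserting that the upstream sees no such cookie when `hide_credentials` is `true`.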

Review Comment:
   I use the [lua-resty-cookie](https://github.com/cloudflare/lua-resty-cookie) lib to update the cookie this time.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.