Skip to content

Commit

Permalink
Fix RequestBuilder to send explicitly sensitive headers
Browse files Browse the repository at this point in the history
Closes #1549
  • Loading branch information
seanmonstar committed May 31, 2022
1 parent 28840af commit d536ce2
Showing 1 changed file with 25 additions and 1 deletion.
26 changes: 25 additions & 1 deletion src/async_impl/request.rs
Original file line number Diff line number Diff line change
Expand Up @@ -203,7 +203,12 @@ impl RequestBuilder {
match <HeaderName as TryFrom<K>>::try_from(key) {
Ok(key) => match <HeaderValue as TryFrom<V>>::try_from(value) {
Ok(mut value) => {
value.set_sensitive(sensitive);
// We want to potentially make an unsensitive header
// to be sensitive, not the reverse. So, don't turn off
// a previously sensitive header.
if sensitive {
value.set_sensitive(true);
}
req.headers_mut().append(key, value);
}
Err(e) => error = Some(crate::error::builder(e.into())),
Expand Down Expand Up @@ -840,6 +845,25 @@ mod tests {
assert!(req.headers()["authorization"].is_sensitive());
}

#[test]
fn test_explicit_sensitive_header() {
let client = Client::new();
let some_url = "https://localhost/";

let mut header = http::HeaderValue::from_static("in plain sight");
header.set_sensitive(true);

let req = client
.get(some_url)
.header("hiding", header)
.build()
.expect("request build");

assert_eq!(req.url().as_str(), "https://localhost/");
assert_eq!(req.headers()["hiding"], "in plain sight");
assert!(req.headers()["hiding"].is_sensitive());
}

#[test]
fn convert_from_http_request() {
let http_request = HttpRequest::builder()
Expand Down

0 comments on commit d536ce2

Please sign in to comment.