
Sanitize request headers like other metadata fields #104

Merged Mar 18, 2019

Conversation

@tgwizard (Contributor) commented Mar 15, 2019

Goal

Make sure that all data sanitization using Config.ParamsFilters behaves the same. The ParamsFilters slice should contain "sensitive substrings", so if a key contains any of the ParamsFilters, it should be considered sensitive.

This is already the case in the metadata sanitizer:

bugsnag-go/metadata.go

Lines 185 to 192 in 834d8fe

func (s sanitizer) shouldRedact(key string) bool {
	for _, filter := range s.Filters {
		if strings.Contains(strings.ToLower(key), strings.ToLower(filter)) {
			return true
		}
	}
	return false
}

Design

Why was this approach to the goal used?

Use the same strings.Contains logic also for request headers. This makes sure to filter headers like Set-Cookie or X-Service-Secret.

Changeset

Changed

Changed request_extractor.contains.

Tests

Updated the corresponding test case.

Discussion

Alternative Approaches

Outstanding Questions

Linked issues

Review

For the submitter, initial self-review:

  • Commented on code changes inline to explain the reasoning behind the approach
  • Reviewed the test cases added for completeness and possible points for discussion
  • A changelog entry was added for the goal of this pull request
  • Check the scope of the changeset - is everything in the diff required for the pull request?
  • This pull request is ready for:
    • Initial review of the intended approach, not yet feature complete
    • Structural review of the classes, functions, and properties modified
    • Final review

For the pull request reviewer(s), this changeset has been reviewed for:

  • Consistency across platforms for structures or concepts added or modified
  • Consistency between the changeset and the goal stated above
  • Internal consistency with the rest of the library - is there any overlap between existing interfaces and any which have been added?
  • Usage friction - is the proposed change in usage cumbersome or complicated?
  • Performance and complexity - are there any cases of unexpected O(n^3) when iterating, recursing, flat mapping, etc?
  • Concurrency concerns - if components are accessed asynchronously, what issues will arise
  • Thoroughness of added tests and any missing edge cases
  • Idiomatic use of the language

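The substring rule described above, applied to request headers, as an added example that is not bugsnag-go's own code. The sanitizeHeaders helper, the "[FILTERED]" placeholder and the sample headers are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// shouldRedact reports whether key contains any filter as a case-insensitive
// substring, the same rule the metadata sanitizer uses for ParamsFilters.
func shouldRedact(key string, filters []string) bool {
	lowerKey := strings.ToLower(key)
	for _, f := range filters {
		if strings.Contains(lowerKey, strings.ToLower(f)) {
			return true
		}
	}
	return false
}

// sanitizeHeaders (hypothetical helper) returns a flattened copy of h in which
// every header whose name matches a filter has its value replaced. h itself is
// not modified, so the original request is left intact.
func sanitizeHeaders(h http.Header, filters []string) map[string]string {
	out := make(map[string]string, len(h))
	for name, values := range h {
		if shouldRedact(name, filters) {
			out[name] = "[FILTERED]"
			continue
		}
		out[name] = strings.Join(values, ",")
	}
	return out
}

func main() {
	// Constructed sample headers; not captured from any real request.
	h := http.Header{}
	h.Set("Content-Type", "application/json")
	h.Set("Set-Cookie", "session=abc123")
	h.Set("X-Service-Secret", "s3cr3t")
	filters := []string{"secret", "cookie"}
	for name, v := range sanitizeHeaders(h, filters) {
		fmt.Printf("%s: %s\n", name, v)
	}
}
```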
@tgwizard (Contributor, Author)

I think the test failures are unrelated to my change.

@tgwizard (Contributor, Author)

Bump - please have a look. This PR is rather small (a one-line change, or two lines if you count the test).

@kinbiko (Contributor) commented Mar 18, 2019

Hi @tgwizard,

Thanks for submitting this. Looks like a reasonable change. I'll merge it into the release-branch for the next release.

@kinbiko kinbiko self-requested a review March 18, 2019 10:29
@kinbiko kinbiko changed the base branch from master to release-v1.4.1 March 18, 2019 10:30
@kinbiko kinbiko merged commit ddf27c4 into bugsnag:release-v1.4.1 Mar 18, 2019