ake/paperclip
1
0
Fork 0
mirror of https://github.com/alkimake/paperclip.git synced 2026-06-14 18:10:39 +09:00
Code Issues Projects Releases Packages Wiki Activity

fix(security): redact Bearer tokens from server log output

Browse source 
Pino logged full Authorization headers in plaintext to server.log,
exposing JWT tokens to any process with filesystem read access.
Add redact paths so Bearer values appear as [Redacted] in log output.

Closes #2385
This commit is contained in:
plind-dm 2026-04-03 23:50:45 +09:00
parent ca8d35fd99
commit 2af64b6068
1 changed files with 1 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
server/src/middleware/logger.ts
View file

@ -28,6 +28,7 @@ const sharedOpts = {
export const logger = pino({
level: "debug",
redact: ["req.headers.authorization", "req.headers[\"authorization\"]"],
}, pino.transport({
targets: [
{