Add option for omitting request data from Faraday exceptions #1526
Description
Adds an option to the :raise_error middleware that prevents request data from being included in the generated Faraday exception.
Request data can include sensitive headers (e.g. Authorization) or other request parameters. Uncaught exceptions tend to make their way into bug trackers, which is not a place where you want sensitive information to go!
In order to prevent request data from being included in Faraday exceptions, you can now configure the :raise_error middleware so that it is omitted:
Todos
Additional Notes
Request data started being bundled in Faraday exceptions in #1181.
To prevent this from becoming a breaking change, I preserved the existing behaviour - request data is included by default.
That said, I would love to see request data omitted by default in a future major version. As a user of this gem, I don't expect "response" data to include "request" data.
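
A complementary check at the error-reporting boundary, as an added example that is not part of this pull request or of Faraday: it strips request data and masks credential-bearing headers before an exception's context is handed to a bug tracker. The hash shape (a `:request` key holding `:headers`, `:params` and `:body`), the helper names and the sample values are assumptions made for illustration.

```ruby
# Added example, not Faraday code. Assumed shape of the hash an error exposes
# via #response when request data is bundled: the response fields plus a
# :request key holding :method, :url_path, :params, :headers and :body.
SENSITIVE_HEADERS = %w[authorization proxy-authorization cookie set-cookie x-api-key].freeze
REDACTED = '[REDACTED]'

# Hypothetical helper: mask credential-bearing header values, case-insensitively.
def redact_headers(headers)
  (headers || {}).to_h do |name, value|
    [name, SENSITIVE_HEADERS.include?(name.to_s.downcase) ? REDACTED : value]
  end
end

# Hypothetical helper: build the context that is safe to hand to an error reporter.
# keep_request: false drops request data entirely; true keeps only the method,
# URL path and redacted headers for debugging, never the params or the body.
def safe_error_context(response, keep_request: false)
  return {} unless response.is_a?(Hash)

  safe = response.reject { |key, _| key == :request }
  safe[:headers] = redact_headers(response[:headers])
  request = response[:request]
  if keep_request && request.is_a?(Hash)
    safe[:request] = {
      method: request[:method],
      url_path: request[:url_path],
      headers: redact_headers(request[:headers])
    }
  end
  safe
end

# Constructed sample: what an uncaught 401 error could carry (all values fake).
SAMPLE_RESPONSE = {
  status: 401,
  headers: { 'Set-Cookie' => 'sid=constructed', 'Content-Type' => 'application/json' },
  body: '{"error":"unauthorized"}',
  request: {
    method: :post,
    url_path: '/v1/charges',
    params: { 'api_key' => 'constructed-key' },
    headers: { 'Authorization' => 'Bearer constructed-token', 'Accept' => '*/*' },
    body: '{"card":"constructed"}'
  }
}.freeze
```

Calling `safe_error_context(error.response)` in a reporter hook keeps request data out of the tracker even for exceptions raised without the new option.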