Basic Auth Decode adds source to the trace
I have a proxy with the following policy
<BasicAuthentication name="Basic-Authentication">
<DisplayName>Basic Authentication</DisplayName>
<Operation>Decode</Operation>
<IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
<User ref="private.request.header.username"/>
<Password ref="private.request.header.password"/>
<Source>request.header.Authorization</Source>
</BasicAuthentication>
When I trace this proxy the request.header.Authrorization variable gets added to the trace as a variable. The Authorization header is masked in the Headers section but it shows up in the variables section. I was just wondering if that is by design or if it was overlooked. I think the source for the basic auth policy should never show up in the trace. The work around for me would be to mask the field but it would be much better if this was just solved for the policy in general.
Hmmm, that sounds like a bug to me, Daniel. Let me look into it further.
Best Answer
Answer by Dino-at-Google
·
Jun 19, 2018 at 10:02 PM
Daniel, I've raised a ticket (b/110429629) to have this fixed.
