MCPcopy
hub / github.com/caddyserver/caddy / TestAdminHandlerServeHTTPRedactsSensitiveHeadersInLogs

Function TestAdminHandlerServeHTTPRedactsSensitiveHeadersInLogs

admin_test.go:258–301  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

256}
257
258func TestAdminHandlerServeHTTPRedactsSensitiveHeadersInLogs(t *testing.T) {
259 core, logs := observer.New(zap.InfoLevel)
260
261 defaultLoggerMu.Lock()
262 origLogger := defaultLogger.logger
263 defaultLogger.logger = zap.New(core)
264 defaultLoggerMu.Unlock()
265 t.Cleanup(func() {
266 defaultLoggerMu.Lock()
267 defaultLogger.logger = origLogger
268 defaultLoggerMu.Unlock()
269 })
270
271 handler := adminHandler{
272 mux: http.NewServeMux(),
273 }
274 req := httptest.NewRequest(http.MethodGet, "/", nil)
275 req.Header.Set("Authorization", "Bearer secret")
276 req.Header.Set("Cookie", "session=secret")
277 req.Header.Set("X-Test", "ok")
278 rr := httptest.NewRecorder()
279
280 handler.ServeHTTP(rr, req)
281
282 if logs.Len() == 0 {
283 t.Fatal("expected request log entry")
284 }
285
286 ctx := logs.All()[0].ContextMap()
287 headers, ok := ctx["headers"].(map[string]any)
288 if !ok {
289 t.Fatalf("expected headers field in log context, got %T", ctx["headers"])
290 }
291
292 if got := headers["Authorization"]; !reflect.DeepEqual(got, []any{"REDACTED"}) {
293 t.Fatalf("expected redacted Authorization header, got %#v", got)
294 }
295 if got := headers["Cookie"]; !reflect.DeepEqual(got, []any{"REDACTED"}) {
296 t.Fatalf("expected redacted Cookie header, got %#v", got)
297 }
298 if got := headers["X-Test"]; !reflect.DeepEqual(got, []any{"ok"}) {
299 t.Fatalf("expected X-Test header to remain visible, got %#v", got)
300 }
301}
302
303func initAdminMetrics() {
304 if adminMetrics.requestErrors != nil {

Callers

nothing calls this directly

Calls 4

ServeHTTPMethod · 0.95
CleanupMethod · 0.65
SetMethod · 0.45
LenMethod · 0.45

Tested by

no test coverage detected