@@ -70,12 +70,7 @@ func CustomRecoveryWithWriter(out io.Writer, handle RecoveryFunc) HandlerFunc {
7070 stack := stack (3 )
7171 httpRequest , _ := httputil .DumpRequest (c .Request , false )
7272 headers := strings .Split (string (httpRequest ), "\r \n " )
73- for idx , header := range headers {
74- key , _ , _ := strings .Cut (header , ":" )
75- if key == "Authorization" {
76- headers [idx ] = key + ": *"
77- }
78- }
73+ maskAuthorization (headers )
7974 headersToStr := strings .Join (headers , "\r \n " )
8075 if brokenPipe {
8176 logger .Printf ("%s\n %s%s" , err , headersToStr , reset )
@@ -131,6 +126,16 @@ func stack(skip int) []byte {
131126 return buf .Bytes ()
132127}
133128
129+ // maskAuthorization replaces any "Authorization: <token>" header with "Authorization: *", hiding sensitive credentials.
130+ func maskAuthorization (headers []string ) {
131+ for idx , header := range headers {
132+ key , _ , _ := strings .Cut (header , ":" )
133+ if strings .EqualFold (key , "Authorization" ) {
134+ headers [idx ] = key + ": *"
135+ }
136+ }
137+ }
138+
134139// source returns a space-trimmed slice of the n'th line.
135140func source (lines [][]byte , n int ) []byte {
136141 n -- // in stack trace, lines are 1-indexed but our array is 0-indexed
0 commit comments