Mask URL variables from response headers (!105000) · Merge requests · GitLab.org / GitLab

Bojan Marjanovic requested to merge bmarjanovic/webhook-encrypted-tokens-headers-masking into master Nov 24, 2022

What does this MR do and why?

In some scenarios, the webhook endpoint may (unintentionally) return information that contains values that are supposed to be masked. This information will then show on the webhook logs page.

Screenshots or screen recordings

How to set up and validate locally

Set up a webhook using https://webhook.site
Mask the value after .site
Test the webhook
Validate that masked value is not a part of the Webhook Logs response headers

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Nov 24, 2022 by Bojan Marjanovic

Mask URL variables from response headers

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports