From 0b22056fca5340e19c0a39dcd4db084a364a2cd6 Mon Sep 17 00:00:00 2001
From: Austin Platt <austin.platt@artificial.io>
Date: Thu, 19 Oct 2023 10:35:29 +0100
Subject: [PATCH] wai-extra: redact `Authorization` header when logging a
 request

This is similar to what is done for cookies
---
 wai-extra/Network/Wai/Middleware/RequestLogger/JSON.hs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/wai-extra/Network/Wai/Middleware/RequestLogger/JSON.hs b/wai-extra/Network/Wai/Middleware/RequestLogger/JSON.hs
index 11acdb067..12aed705f 100644
--- a/wai-extra/Network/Wai/Middleware/RequestLogger/JSON.hs
+++ b/wai-extra/Network/Wai/Middleware/RequestLogger/JSON.hs
@@ -148,6 +148,8 @@ requestHeadersToJSON :: RequestHeaders -> Value
 requestHeadersToJSON = toJSON . map hToJ where
   -- Redact cookies
   hToJ ("Cookie", _) = toJSON ("Cookie" :: Text, "-RDCT-" :: Text)
+  -- Redact authorization
+  hToJ ("Authorization", _) = toJSON ("Authorization" :: Text, "-RDCT-" :: Text)
   hToJ hd = headerToJSON hd
 
 responseHeadersToJSON :: [Header] -> Value