Capture request headers #270
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jessarcher
force-pushed
the
capture-request-headers
branch
3 times, most recently
from
f4e7fac to
e2bb8e0
Compare
jessarcher
commented
Sep 22, 2025
jessarcher
commented
Sep 29, 2025
jessarcher
force-pushed
the
capture-request-headers
branch
from
119c64d to
970f633
Compare
timacdonald
reviewed
Oct 7, 2025
timacdonald
reviewed
Oct 7, 2025
timacdonald
approved these changes
Oct 7, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR introduces the capturing of request headers on inbound requests.
The following headers will be redacted by default:
Cookie- cookie names will be captured, but cookie values will be redacted.AuthorizationandProxy-Authorization- the authorization type (e.g. Basic, Bearer) will be captured, but the remainder of the value will be redacted.X-XSRF-TOKEN- the full value will be redacted.The redacted headers can be customized with the
NIGHTWATCH_REDACT_HEADERSenvironment variable. E.g:The value specified here will override the defaults, so be sure to keep the default values if you wish for them to be redacted.
When a header is redacted, the header name is always preserved so you know what headers were present. The value will be replaced by an indication of how many bytes were redacted. E.g.
[123 bytes redacted].