Skip to content

Strip sensitive info from HTTP errors #3878

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
bfops merged 3 commits into from
Dec 17, 2025
Merged

Strip sensitive info from HTTP errors #3878

bfops merged 3 commits into from
Dec 17, 2025

Conversation

@gefjon
Copy link
Contributor

@gefjon gefjon commented Dec 12, 2025

Description of Changes

reqwest includes the full URL in its errors, including query params. This is unfortunate, as query params can contain sensitive info like API tokens. It's difficult for modules to clean these themselves, as they see errors as strings, losing the structure of reqwest::Error.
In this commit, we strip query parts out of URLs in errors before returning them to modules. I've also audited all of the error return paths in the http_request method and left comments justifying why the unchanged ones are safe.

API and ABI breaking changes

Only if you consider the format of error messages part of our API, which I don't. Procedure APIs aren't stable yet anyways.

Expected complexity level and risk

1

Testing

None yet - accepting input from reviewers about desired tests if we feel that's necessary.

@gefjon
Strip sensitive info from HTTP errors
3b0d733 
`reqwest` includes the full URL in its errors, including query params.
This is unfortunate, as query params can contain sensitive info like API tokens.
It's difficult for modules to clean these themselves, as they see errors as strings,
losing the structure of `reqwest::Error`.
In this commit, we strip query parts out of URLs in errors before returning them to modules.
I've also audited all of the error return paths in the `http_request` method
and left comments justifying why the unchanged ones are safe.
JulienLavocat
JulienLavocat approved these changes Dec 12, 2025
View reviewed changes
Copy link
Contributor

@JulienLavocat JulienLavocat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - One small typo

@gefjon @JulienLavocat
Update crates/core/src/host/instance_env.rs
e688111 
Co-authored-by: Julien Lavocat <JulienLavocat@users.noreply.github.com>
Signed-off-by: Phoebe Goldman <phoebe@goldman-tribe.org>
coolreader18
coolreader18 approved these changes Dec 12, 2025
View reviewed changes
Copy link
Collaborator

@coolreader18 coolreader18 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@gefjon gefjon enabled auto-merge December 12, 2025 19:44
@bfops bfops added the release-any To be landed in any release window label Dec 15, 2025
@gefjon gefjon added this pull request to the merge queue Dec 16, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Dec 16, 2025
@bfops bfops added this pull request to the merge queue Dec 16, 2025
Merged via the queue into master with commit cc2ac54 Dec 17, 2025
53 of 61 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JulienLavocat JulienLavocat JulienLavocat approved these changes

@coolreader18 coolreader18 coolreader18 approved these changes

Assignees

No one assigned

Labels

release-any To be landed in any release window

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@gefjon @JulienLavocat @coolreader18 @bfops