Address remaining feedback.

lukeelmers · lukeelmers · commit 5d87516c0fa9 · 2021-02-03T15:08:53.000-07:00
diff --git a/src/core/server/http/integration_tests/logging.test.ts b/src/core/server/http/integration_tests/logging.test.ts
@@ -57,10 +57,6 @@ describe('request logging', () => {
                 },
               },
             },
-            root: {
-              appenders: ['test-console', 'default'],
-              level: 'warn',
-            },
             loggers: [
               {
                 context: 'http.server.response',
@@ -107,10 +103,6 @@ describe('request logging', () => {
               },
             },
           },
-          root: {
-            appenders: ['test-console', 'default'],
-            level: 'warn',
-          },
           loggers: [
             {
               context: 'http.server.response',
diff --git a/src/core/server/http/logging/get_response_log.test.ts b/src/core/server/http/logging/get_response_log.test.ts
@@ -169,6 +169,31 @@ describe('getEcsResponseLog', () => {
         }
       `);
     });
+
+    test('does not mutate original headers', () => {
+      const reqHeaders = { authorization: 'a', cookie: 'b', 'user-agent': 'hi' };
+      const resHeaders = { headers: { 'content-length': 123, 'set-cookie': 'c' } };
+      const req = createMockHapiRequest({
+        headers: reqHeaders,
+        response: { headers: resHeaders },
+      });
+      getEcsResponseLog(req, logger);
+      expect(reqHeaders).toMatchInlineSnapshot(`
+        Object {
+          "authorization": "a",
+          "cookie": "b",
+          "user-agent": "hi",
+        }
+      `);
+      expect(resHeaders).toMatchInlineSnapshot(`
+        Object {
+          "headers": Object {
+            "content-length": 123,
+            "set-cookie": "c",
+          },
+        }
+      `);
+    });
   });
 
   describe('ecs', () => {
diff --git a/src/core/server/http/logging/get_response_log.ts b/src/core/server/http/logging/get_response_log.ts
@@ -20,19 +20,15 @@ const REDACTED_HEADER_TEXT = '[REDACTED]';
 
 // We are excluding sensitive headers by default, until we have a log filtering mechanism.
 function redactSensitiveHeaders(
-  headers: Record<string, string | string[]>
+  headers?: Record<string, string | string[]>
 ): Record<string, string | string[]> {
-  return (
-    headers &&
-    Object.keys(headers).reduce(
-      (acc, key) => ({
-        // Create a shallow copy to prevent mutating the original headers
-        ...acc,
-        [key]: FORBIDDEN_HEADERS.includes(key) ? REDACTED_HEADER_TEXT : headers[key],
-      }),
-      {} as Record<string, string | string[]>
-    )
-  );
+  const result = {} as Record<string, string | string[]>;
+  if (headers) {
+    for (const key of Object.keys(headers)) {
+      result[key] = FORBIDDEN_HEADERS.includes(key) ? REDACTED_HEADER_TEXT : headers[key];
+    }
+  }
+  return result;
 }
 
 /**
