diff --git a/src/__tests__/extensions/replay/config.test.ts b/src/__tests__/extensions/replay/config.test.ts
index 4892c6356..77ced9b8e 100644
--- a/src/__tests__/extensions/replay/config.test.ts
+++ b/src/__tests__/extensions/replay/config.test.ts
@@ -75,6 +75,20 @@ describe('config', () => {
 'content-type': 'edited',
 })
 })
+
+ it('case insensitively removes headers on the deny list', () => {
+ const networkOptions = buildNetworkRequestOptions(defaultConfig(), {})
+ const cleaned = networkOptions.maskRequestFn!({
+ url: 'something',
+ requestHeaders: {
+ AuThOrIzAtIoN: 'Bearer 123',
+ 'content-type': 'application/json',
+ },
+ })
+ expect(cleaned?.requestHeaders).toEqual({
+ 'content-type': 'application/json',
+ })
+ })
 })
 })
 })
diff --git a/src/extensions/replay/config.ts b/src/extensions/replay/config.ts
index 513db7fd6..d0e573130 100644
--- a/src/extensions/replay/config.ts
+++ b/src/extensions/replay/config.ts
@@ -32,23 +32,25 @@ export const defaultNetworkOptions: NetworkRecordOptions = {
 }
 const HEADER_DENYLIST = [
- 'Authorization',
- 'X-FORWARDED-FOR',
- 'AUTHORIZATION',
- 'COOKIE',
- 'SET-COOKIE',
- 'X-API-KEY',
- 'X-REAL-IP',
- 'REMOTE-ADDR',
- 'FORWARDED',
- 'PROXY-AUTHORIZATION',
- 'X-CSRF-TOKEN',
- 'X-CSRFTOKEN',
- 'X-XSRF-TOKEN',
+ 'authorization',
+ 'x-forwarded-for',
+ 'authorization',
+ 'cookie',
+ 'set-cookie',
+ 'x-api-key',
+ 'x-real-ip',
+ 'remote-addr',
+ 'forwarded',
+ 'proxy-authorization',
+ 'x-csrf-token',
+ 'x-csrftoken',
+ 'x-xsrf-token',
 ]
 const removeAuthorizationHeader = (data: NetworkRequest): NetworkRequest => {
- HEADER_DENYLIST.forEach((header) => delete data.requestHeaders?.[header])
+ Object.keys(data.requestHeaders ?? {}).forEach((header) => {
+ if (HEADER_DENYLIST.includes(header.toLowerCase())) delete data.requestHeaders?.[header]
+ })
 return data
 }
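Review bot: The new test exercises only one denylist entry (`AuThOrIzAtIoN`), so a regression in the case normalisation of any other entry would go unnoticed; adding a second mixed-case header to the request, e.g. `'X-Api-Key': 'abc',` and `Cookie: 'session=1',`, and keeping the same `toEqual` expectation would pin the behaviour for the whole list rather than one name. The non-null assertion on `networkOptions.maskRequestFn!` hides a missing mask function behind a TypeError; `expect(networkOptions.maskRequestFn).toBeDefined()` before the call gives a clearer failure. The enclosing `describe` blocks start outside the hunk.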
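Review bot: `HEADER_DENYLIST` now contains `'authorization'` twice — the two entries differed only in case before, and the lowercasing collapses them into a dead duplicate. Since lookups are now by normalised name, a `Set` expresses the intent and removes the duplicate by construction: `const HEADER_DENYLIST = new Set([ … ])` with `if (HEADER_DENYLIST.has(header.toLowerCase())) delete data.requestHeaders?.[header]`. The list also carries `'set-cookie'`, which is a response header, while `removeAuthorizationHeader` only scrubs `data.requestHeaders`; if `NetworkRequest` also exposes response headers (not visible in the hunk), they are not covered by this function, and a comment on the list stating that it applies to request headers only would make that scope explicit. The function name no longer matches its behaviour now that it strips every denylisted header, so a one-line TSDoc such as `/** Removes credential- and client-identifying request headers (case-insensitive) in place. */` above it would help the next reader.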