diff --git a/sentry_sdk/integrations/_wsgi_common.py b/sentry_sdk/integrations/_wsgi_common.py
index 9f1b1399f0..bcac1eb2d4 100644
--- a/sentry_sdk/integrations/_wsgi_common.py
+++ b/sentry_sdk/integrations/_wsgi_common.py
@@ -31,6 +31,7 @@
 "HTTP_SET_COOKIE",
 "HTTP_COOKIE",
 "HTTP_AUTHORIZATION",
+ "HTTP_PROXY_AUTHORIZATION",
 "HTTP_X_API_KEY",
 "HTTP_X_FORWARDED_FOR",
 "HTTP_X_REAL_IP",
diff --git a/sentry_sdk/scrubber.py b/sentry_sdk/scrubber.py
index 2857c4edaa..f863092108 100644
--- a/sentry_sdk/scrubber.py
+++ b/sentry_sdk/scrubber.py
@@ -34,6 +34,7 @@
 "set_cookie",
 "cookie",
 "authorization",
+ "proxy-authorization",
 "x_api_key",
 # other common names used in the wild
 "aiohttp_session", # aiohttp
diff --git a/tests/integrations/fastapi/test_fastapi.py b/tests/integrations/fastapi/test_fastapi.py
index d321db993c..e478d05c1d 100644
--- a/tests/integrations/fastapi/test_fastapi.py
+++ b/tests/integrations/fastapi/test_fastapi.py
@@ -265,6 +265,7 @@ async def test_original_request_not_scrubbed(
 async def _error(request: Request):
 logging.critical("Oh no!")
 assert request.headers["Authorization"] == "Bearer ohno"
+ assert request.headers["Proxy-Authorization"] == "Basic ohno"
 assert await request.json() == {"password": "secret"}
 return {"error": "Oh no!"}
@@ -273,12 +274,18 @@ async def _error(request: Request):
 client = TestClient(app)
 client.post(
- "/error", json={"password": "secret"}, headers={"Authorization": "Bearer ohno"}
+ "/error",
+ json={"password": "secret"},
+ headers={
+ "Authorization": "Bearer ohno",
+ "Proxy-Authorization": "Basic ohno",
+ },
 )
 event = events[0]
 assert event["request"]["data"] == {"password": "[Filtered]"}
 assert event["request"]["headers"]["authorization"] == "[Filtered]"
+ assert event["request"]["headers"]["proxy-authorization"] == "[Filtered]"
 def test_response_status_code_ok_in_transaction_context(sentry_init, capture_envelopes):
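Review bot: The new `"proxy-authorization"` entry in sentry_sdk/scrubber.py is spelled with a hyphen while the neighbouring multi-word entries in the same denylist (`"set_cookie"`, `"x_api_key"`) use underscores, so the list now mixes two separator conventions for the same class of key. The matcher is not visible in this hunk; if it compares lowercased keys verbatim, the hyphenated form is what the added assertions in test_fastapi.py, test_flask.py and test_starlette.py rely on (they expect the `proxy-authorization` / `Proxy-Authorization` event key to be `[Filtered]`), but an underscore-spelled `proxy_authorization` key would then not be caught, and conversely the underscore entries would not match a literal hyphenated header name. Either document why this entry differs, e.g. `"proxy-authorization",  # hyphenated: matched against lowercased HTTP header names`, or add the sibling spelling `"proxy_authorization",` next to it so both forms are covered. The `HTTP_PROXY_AUTHORIZATION` entry in _wsgi_common.py is the WSGI environ spelling and is consistent with its own list, so this only concerns the scrubber denylist; the container being edited starts and ends outside the hunk.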
diff --git a/tests/integrations/flask/test_flask.py b/tests/integrations/flask/test_flask.py
index e117b98ca9..246a0cb4b0 100644
--- a/tests/integrations/flask/test_flask.py
+++ b/tests/integrations/flask/test_flask.py
@@ -903,19 +903,26 @@ def index():
 logging.critical("oops")
 assert request.get_json() == {"password": "ohno"}
 assert request.headers["Authorization"] == "Bearer ohno"
+ assert request.headers["Proxy-Authorization"] == "Basic ohno"
 return "ok"
 events = capture_events()
 client = app.test_client()
 client.post(
- "/", json={"password": "ohno"}, headers={"Authorization": "Bearer ohno"}
+ "/",
+ json={"password": "ohno"},
+ headers={
+ "Authorization": "Bearer ohno",
+ "Proxy-Authorization": "Basic ohno",
+ },
 )
 (event,) = events
 assert event["request"]["data"]["password"] == "[Filtered]"
 assert event["request"]["headers"]["Authorization"] == "[Filtered]"
+ assert event["request"]["headers"]["Proxy-Authorization"] == "[Filtered]"
 def test_response_status_code_ok_in_transaction_context(
diff --git a/tests/integrations/starlette/test_starlette.py b/tests/integrations/starlette/test_starlette.py
index 801cd53bf4..19f74754e7 100644
--- a/tests/integrations/starlette/test_starlette.py
+++ b/tests/integrations/starlette/test_starlette.py
@@ -954,6 +954,7 @@ def test_original_request_not_scrubbed(sentry_init, capture_events):
 async def _error(request):
 logging.critical("Oh no!")
 assert request.headers["Authorization"] == "Bearer ohno"
+ assert request.headers["Proxy-Authorization"] == "Basic ohno"
 assert await request.json() == {"password": "ohno"}
 return starlette.responses.JSONResponse({"status": "Oh no!"})
@@ -967,12 +968,16 @@ async def _error(request):
 client.post(
 "/error",
 json={"password": "ohno"},
- headers={"Authorization": "Bearer ohno"},
+ headers={
+ "Authorization": "Bearer ohno",
+ "Proxy-Authorization": "Basic ohno",
+ },
 )
 event = events[0]
 assert event["request"]["data"] == {"password": "[Filtered]"}
 assert event["request"]["headers"]["authorization"] == "[Filtered]"
+ assert event["request"]["headers"]["proxy-authorization"] == "[Filtered]"
 @pytest.mark.skipif(STARLETTE_VERSION < (0, 24), reason="Requires Starlette >= 0.24")