Enhancing Request Controller for Security

[projkov]

Hello everyone

During the Connectathon in Australia, we received feedback regarding a security issue. Test results can be shared, but we believe the authorization header in request data should be hidden for security reasons.

I propose enhancing the request controller to include an option to hide the value of the header named 'Authorization' when ENV['SAFE_MODE'] is set to true. What do you think?

[projkov]

Hello, just a friendly reminder.

We need these changes due to a security issue. I’ve prepared a PR with the changes. It would be great to get any feedback or an estimated timeline for review.

Thanks!

[Jammjammjamm]

This would require major changes to how Inferno works. Authorization header values don't only appear in the requests using those headers. They also appear in test inputs/outputs, in token requests, and in input dialogs. Our recommendation is that users run Inferno locally if they want to use it with sensitive data.