Open
Description
Expected behavior
Cookies are filtered from request headers metadata, as Cookie
is included in the default filters.
Observed behavior
Request
tab contains a headers
map with cookie
present.
Steps to reproduce
We’re using bugsnag-spring
with Spring Boot 2.0.9 and Tomcat 9.0.30.
Version
3.6.1
Additional information
It looks like the issue is that the underlying servlet implementation stores header keys case-insensitively, so the default Cookie
filter does not match. When it comes to filtering, I think it would make sense to make all comparisons case-insensitive, so that a filter for "password"
matches "USER_PASSWORD"
, "adminPassword"
, etc.