From 871bf81c229cb482b67d41f460e55970e8fdf922 Mon Sep 17 00:00:00 2001 From: Fitz Elliott Date: Thu, 10 Aug 2017 11:10:00 -0400 Subject: [PATCH] Remove headers from HTTPServerRequest repr * In tornadoweb/tornado#1112 it was decided to stop including headers in the request repr, since they are needlessly verbose and risk leaking user secrets into the application log. --- tornado/httputil.py | 3 +-- tornado/test/httputil_test.py | 4 ++++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/tornado/httputil.py b/tornado/httputil.py index a98273aec..f2b289b32 100755 --- a/tornado/httputil.py +++ b/tornado/httputil.py @@ -467,8 +467,7 @@ class HTTPServerRequest(object): def __repr__(self): attrs = ("protocol", "host", "method", "uri", "version", "remote_ip") args = ", ".join(["%s=%r" % (n, getattr(self, n)) for n in attrs]) - return "%s(%s, headers=%s)" % ( - self.__class__.__name__, args, dict(self.headers)) + return "%s(%s)" % (self.__class__.__name__, args) class HTTPInputError(Exception): diff --git a/tornado/test/httputil_test.py b/tornado/test/httputil_test.py index 7ac799257..1521ca03e 100644 --- a/tornado/test/httputil_test.py +++ b/tornado/test/httputil_test.py @@ -418,6 +418,10 @@ class HTTPServerRequestTest(unittest.TestCase): requets = HTTPServerRequest(uri='/') self.assertIsInstance(requets.body, bytes) + def test_repr_does_not_contain_headers(self): + request = HTTPServerRequest(uri='/', headers={'Canary': 'Coal Mine'}) + self.assertTrue('Canary' not in repr(request)) + class ParseRequestStartLineTest(unittest.TestCase): METHOD = "GET" -- 2.47.2