diff options
author | Jordan Cook <jordan.cook@pioneer.com> | 2022-04-10 12:15:46 -0500 |
---|---|---|
committer | Jordan Cook <jordan.cook@pioneer.com> | 2022-04-10 14:23:43 -0500 |
commit | d39fbfac0192fc9a2dc825dc17ede29776863f5f (patch) | |
tree | f222add93c23c4fabd68be204da86f8eb616ad90 /docs | |
parent | 4a593b0c16aa96d5912fb6605dec46b0dc4bf66e (diff) | |
download | requests-cache-d39fbfac0192fc9a2dc825dc17ede29776863f5f.tar.gz |
Add default list of ignored_parameters for most common authentication params/headers
Diffstat (limited to 'docs')
-rw-r--r-- | docs/user_guide/security.md | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/docs/user_guide/security.md b/docs/user_guide/security.md index cad4d3f..17cf380 100644 --- a/docs/user_guide/security.md +++ b/docs/user_guide/security.md @@ -69,3 +69,10 @@ BadSignature: Signature b'iFNmzdUOSw5vqrR9Cb_wfI1EoZ8' does not match ## Removing Sensitive Info The {ref}`ignored_parameters <filter-params>` option can be used to prevent credentials and other sensitive info from being saved to the cache. It applies to request parameters, body, and headers. + +Some are ignored by default, including: +* `Authorization` header (most authentication systems) +* `access_token` request param (used by OAuth) +* `access_token` in POST body (used by OAuth) +* `X-API-KEY` header (used by OpenAPI spec) +* `api_key` request param (used by OpenAPI spec) |