author Jordan Cook <jordan.cook@pioneer.com> 2022-04-10 12:15:46 -0500
committer Jordan Cook <jordan.cook@pioneer.com> 2022-04-10 14:23:43 -0500
commit d39fbfac0192fc9a2dc825dc17ede29776863f5f (patch)
tree f222add93c23c4fabd68be204da86f8eb616ad90 /docs
parent 4a593b0c16aa96d5912fb6605dec46b0dc4bf66e (diff)
download requests-cache-d39fbfac0192fc9a2dc825dc17ede29776863f5f.tar.gz
Add default list of ignored_parameters for most common authentication params/headers
Diffstat (limited to 'docs')
-rw-r--r-- docs/user_guide/security.md 7
1 files changed, 7 insertions, 0 deletions
diff --git a/docs/user_guide/security.md b/docs/user_guide/security.md
index cad4d3f..17cf380 100644
--- a/docs/user_guide/security.md
+++ b/docs/user_guide/security.md
@@ -69,3 +69,10 @@ BadSignature: Signature b'iFNmzdUOSw5vqrR9Cb_wfI1EoZ8' does not match
## Removing Sensitive Info
The {ref}`ignored_parameters <filter-params>` option can be used to prevent credentials and other
sensitive info from being saved to the cache. It applies to request parameters, body, and headers.
+
+Some are ignored by default, including:
+* `Authorization` header (most authentication systems)
+* `access_token` request param (used by OAuth)
+* `access_token` in POST body (used by OAuth)
+* `X-API-KEY` header (used by OpenAPI spec)
+* `api_key` request param (used by OpenAPI spec)
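Review bot: The added sentence "Some are ignored by default, including:" has no clear subject and leaves the default set open-ended, which is a weak guarantee for a section about keeping credentials out of the cache. Suggest "Some parameters and headers are ignored by default" and either listing the complete default set or linking to where it is defined, so readers can confirm whether their own credential field is covered. The text should also state whether passing a custom `ignored_parameters` value extends or replaces these defaults, and whether header names such as `X-API-KEY` are matched case-insensitively, since neither can be inferred from the list. A blank line between the lead-in sentence and the first `*` item would keep the list rendering reliably across Markdown parsers.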