diff --git a/exchange/bidder.go b/exchange/bidder.go
index 5b6da499093..9707ddcb4fe 100644
--- a/exchange/bidder.go
+++ b/exchange/bidder.go
@@ -167,10 +167,6 @@ func (bidder *bidderAdapter) requestBid(ctx context.Context, request *openrtb2.B
 if debugInfo := ctx.Value(DebugContextKey); debugInfo != nil && debugInfo.(bool) {
 if accountDebugAllowed {
 if bidder.config.DebugInfo.Allow {
- // it's safe to mutate the request headers since from this point on the
- // information is only used for debugging.
- removeSensitiveHeaders(httpInfo.request.Headers)
-
 seatBid.httpCalls = append(seatBid.httpCalls, makeExt(httpInfo))
 } else {
 debugDisabledWarning := errortypes.Warning{
@@ -331,9 +327,10 @@ func getAssetByID(id int64, assets []nativeRequests.Asset) (nativeRequests.Asset
 var authorizationHeader = http.CanonicalHeaderKey("authorization")
-// removeSensitiveHeaders mutates the http header object to remove sensitive information.
-func removeSensitiveHeaders(h http.Header) {
- h.Del(authorizationHeader)
+func filterHeader(h http.Header) http.Header {
+ clone := h.Clone()
+ clone.Del(authorizationHeader)
+ return clone
 }
 // makeExt transforms information about the HTTP call into the contract class for the PBS response.
@@ -343,7 +340,7 @@ func makeExt(httpInfo *httpCallInfo) *openrtb_ext.ExtHttpCall {
 if httpInfo != nil && httpInfo.request != nil {
 ext.Uri = httpInfo.request.Uri
 ext.RequestBody = string(httpInfo.request.Body)
- ext.RequestHeaders = httpInfo.request.Headers
+ ext.RequestHeaders = filterHeader(httpInfo.request.Headers)
 if httpInfo.err == nil && httpInfo.response != nil {
 ext.ResponseBody = string(httpInfo.response.Body)
diff --git a/exchange/bidder_test.go b/exchange/bidder_test.go
index 7c01cd84c83..41ca420a433 100644
--- a/exchange/bidder_test.go
+++ b/exchange/bidder_test.go
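Review bot: `filterHeader` removes the credential only when it is stored under the canonical key, because `clone.Del(authorizationHeader)` canonicalises its argument but not the keys already in the map; a header written directly as `headers["authorization"]` would still be copied into the debug response by `makeExt`. How adapters populate `Headers` is not visible in this diff, so this is a hardening suggestion: compare canonicalised key names while iterating over the clone, as in the block below. The function also lost its doc comment in the rewrite; the block restores one stating that the input is not modified. If other credential-bearing headers such as `Cookie` or `Proxy-Authorization` can appear on bidder requests, this filter is the place to drop them as well.

```go
// filterHeader returns a copy of h with credential headers removed; h is left unmodified.
func filterHeader(h http.Header) http.Header {
	clone := h.Clone()
	for name := range clone {
		// Del only matches the canonical spelling, so compare canonicalised keys.
		if http.CanonicalHeaderKey(name) == authorizationHeader {
			delete(clone, name)
		}
	}
	return clone
}
```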
@@ -974,6 +974,50 @@ func TestMakeExt(t *testing.T) {
 Status: 999,
 },
 },
+ {
+ description: "Request & Response - No Error with Authorization removal",
+ given: &httpCallInfo{
+ err: nil,
+ request: &adapters.RequestData{
+ Uri: "requestUri",
+ Body: []byte("requestBody"),
+ Headers: makeHeader(map[string][]string{"Key1": {"value1", "value2"}, "Authorization": {"secret"}}),
+ },
+ response: &adapters.ResponseData{
+ Body: []byte("responseBody"),
+ StatusCode: 999,
+ },
+ },
+ expected: &openrtb_ext.ExtHttpCall{
+ Uri: "requestUri",
+ RequestBody: "requestBody",
+ RequestHeaders: map[string][]string{"Key1": {"value1", "value2"}},
+ ResponseBody: "responseBody",
+ Status: 999,
+ },
+ },
+ {
+ description: "Request & Response - No Error with nil header",
+ given: &httpCallInfo{
+ err: nil,
+ request: &adapters.RequestData{
+ Uri: "requestUri",
+ Body: []byte("requestBody"),
+ Headers: nil,
+ },
+ response: &adapters.ResponseData{
+ Body: []byte("responseBody"),
+ StatusCode: 999,
+ },
+ },
+ expected: &openrtb_ext.ExtHttpCall{
+ Uri: "requestUri",
+ RequestBody: "requestBody",
+ RequestHeaders: nil,
+ ResponseBody: "responseBody",
+ Status: 999,
+ },
+ },
 {
 description: "Request & Response - Error",
 given: &httpCallInfo{
@@ -1029,7 +1073,7 @@ func TestMakeExt(t *testing.T) {
 }
 }
-func TestRemoveSensitiveHeaders(t *testing.T) {
+func TestFilterHeader(t *testing.T) {
 testCases := []struct {
 description string
 given http.Header
@@ -1043,7 +1087,7 @@ func TestRemoveSensitiveHeaders(t *testing.T) {
 {
 description: "Empty",
 given: http.Header{},
- expected: map[string][]string{},
+ expected: http.Header{},
 },
 {
 description: "One",
@@ -1073,8 +1117,8 @@ func TestRemoveSensitiveHeaders(t *testing.T) {
 }
 for _, test := range testCases {
- removeSensitiveHeaders(test.given)
- assert.Equal(t, test.expected, test.given, test.description)
+ result := filterHeader(test.given)
+ assert.Equal(t, test.expected, result, test.description)
 }
 }
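Review bot: Neither the new `TestMakeExt` cases nor the rewritten loop in `TestFilterHeader` checks that the input header is left untouched, which is the property this change introduces by cloning instead of deleting in place. In the `TestFilterHeader` loop, take `before := test.given.Clone()` ahead of the call and add `assert.Equal(t, before, test.given, test.description)` after it, so a regression back to in-place deletion fails the test. The cases shown also use only the canonical `Authorization` spelling; a lower-case map key would be worth one more case if non-canonical keys can reach `makeExt`. Both test functions begin outside these hunks, so existing cases may already cover part of this.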