Merge pull request #1399 from scireum/mke/censor_oauth

Censures some more field use with oauth
scireum · Apr 4, 2024 · 45aeba5 · 45aeba5
2 parents 2812d0c + e230dbd
commit 45aeba5
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/main/java/sirius/web/http/Response.java b/src/main/java/sirius/web/http/Response.java
@@ -105,7 +105,7 @@ public class Response {
      * Contains a set of parameter names which are censored in any output as we do not want to log user passwords etc.
      */
     private static final Set<String> CENSORED_LOWERCASE_PARAMETER_NAMES =
-            Set.of("password", "passphrase", "secret", "secretKey");
+            Set.of("password", "passphrase", "secret", "secretKey", "client_secret", "refresh_token", "access_token");
 
     /**
      * Contains the content type used for html.