Skip to content

Redact sensitive parts of URLs in reqwest errors#19147

Draft
zsol wants to merge 2 commits intomainfrom
zsol/jj-wpzkvnuxrwvr
Draft

Redact sensitive parts of URLs in reqwest errors#19147
zsol wants to merge 2 commits intomainfrom
zsol/jj-wpzkvnuxrwvr

Conversation

@zsol
Copy link
Copy Markdown
Member

@zsol zsol commented Apr 24, 2026
edited
Loading

This PR is part of a stack containing 2 PRs:

  1. main
  2. Redact pre-signed upload URLs in verbose output #19146
  3. "Redact sensitive parts of URLs in reqwest errors" (this PR)

@zsol zsol mentioned this pull request Apr 24, 2026
Merged
@zsol zsol marked this pull request as draft April 24, 2026 20:05
@zsol zsol force-pushed the zsol/jj-wpzkvnuxrwvr branch from a1f9827 to 441b9fa Compare April 24, 2026 20:19
@zsol zsol force-pushed the zsol/jj-nnvmtpkulklr branch from 1c95afc to 830a963 Compare April 24, 2026 20:19
zsol added a commit that referenced this pull request Apr 24, 2026
@zsol
Redact pre-signed upload URLs in verbose output (#19146)
84a3244 
This teaches `DisplaySafeUrl` about sensitive query parameters (that are
typically used to sign S3 requests) to avoid leaking them in verbose
logs.

Note: Errors might still contain these in two places:
- reqwest errors contain a raw url
- aws can return an error that itself contains the signature (this is
probably fine to display unredacted, as it only happens when the
signature is invalid anyway)

<!-- start jj-vine stack -->
This PR is part of a stack containing 2 PRs:

1. `main`
2. **"Redact pre-signed upload URLs" (this PR)**
3. #19147
<!-- end jj-vine stack -->
Base automatically changed from zsol/jj-nnvmtpkulklr to main April 24, 2026 23:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@zsol