fix: extend header denylist (#889)

PostHog · Nov 14, 2023 · 6b70edb · 6b70edb
1 parent b16a062
commit 6b70edb
Showing 1 changed file with 17 additions and 1 deletion.
diff --git a/src/extensions/replay/config.ts b/src/extensions/replay/config.ts
@@ -31,8 +31,24 @@ export const defaultNetworkOptions: NetworkRecordOptions = {
     recordInitialRequests: false,
 }
 
+const HEADER_DENYLIST = [
+    'Authorization',
+    'X-FORWARDED-FOR',
+    'AUTHORIZATION',
+    'COOKIE',
+    'SET-COOKIE',
+    'X-API-KEY',
+    'X-REAL-IP',
+    'REMOTE-ADDR',
+    'FORWARDED',
+    'PROXY-AUTHORIZATION',
+    'X-CSRF-TOKEN',
+    'X-CSRFTOKEN',
+    'X-XSRF-TOKEN',
+]
+
 const removeAuthorizationHeader = (data: NetworkRequest): NetworkRequest => {
-    delete data.requestHeaders?.['Authorization']
+    HEADER_DENYLIST.forEach((header) => delete data.requestHeaders?.[header])
     return data
 }