Improving safety of scrubKeys utility

aarongoin · aarongoin · commit 7449f618b1af · 2025-06-13T08:25:59.000-07:00
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "polyapi",
-  "version": "0.23.23",
+  "version": "0.23.24",
   "description": "Poly is a CLI tool to help create and manage your Poly definitions.",
   "license": "MIT",
   "repository": {
diff --git a/templates/axios.js b/templates/axios.js
@@ -43,9 +43,12 @@ axios.interceptors.request.use(
 );
 
 const scrubKeys = (err) => {
-  if (err.request) {
-    // Scrub the api key in the authorization header
-    err.request.headers['Authorization'] = `Bearer ********`;
+  if (err.request && typeof err.request.headers === 'object' && err.request.headers.Authorization) {
+    // Scrub any credentials in the authorization header
+    const [type, ...rest] = err.request.headers.Authorization.split(' ');
+    err.request.headers.Authorization = rest.length && type
+      ? `${type} ********`
+      : `********`;
   }
   throw err;
 };

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "polyapi",`
`3`		`- "version": "0.23.23",`
	`3`	`+ "version": "0.23.24",`
`4`	`4`	`"description": "Poly is a CLI tool to help create and manage your Poly definitions.",`
`5`	`5`	`"license": "MIT",`
`6`	`6`	`"repository": {`