Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
currently http error logging of urls contains full URL including passwords. #49988
Description of Issue/Question
Currently whenever a log uses cp.get_url or most other https actions that could result in a http error. that error is logged with the URL. However that url could contain the username and password information for a basic authentication scheme.
Since central logging could be in use it is difficult to control who has access to those logs.
So password masking would be of great help with url logging.
Simplest test is to use file.managed. and a downed http server. But really any kind of logging that has a URL in it will do this two examples follow
Ideally something like the following would be better
Steps to Reproduce Issue
happens in all versions