Skip to content

Plaintext credential is exposed in CommandError if Authorization is passed in http.extraHeader #1626

Open
@gabloe

Description

@gabloe

If credentials are passed in the URI, e.g. https://user:pass@foo.com/bar.git then the credential is properly removed from the cmdline in the exception, but if an authorization header is set via http.extraHeader then the credential is not stripped from the exception.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions