Hide refresh_token/client_secret/naIdToken fields in logs, ignore Cloudflare HTML errors

2026-03-21 18:04:10 -05:00 · 2025-07-25 19:05:36 +01:00 · 2025-07-25 19:05:36 +01:00 · 0f0f666ea6
commit 0f0f666ea6
parent 4452947187
2 changed files with 12 additions and 3 deletions
--- a/src/api/util.ts
+++ b/src/api/util.ts
@ -27,6 +27,15 @@ export class ErrorResponse<T = unknown> extends Error {

        Object.defineProperty(this, ErrorResponseSymbol, {enumerable: false, value: ErrorResponseSymbol});

+        if (response.status === 502 &&
+            response.headers.get('Server') === 'cloudflare' &&
+            response.headers.get('Content-Type')?.match(/^text\/html(;|$)/)
+        ) {
+            // Cloudflare returns it's own HTML error page for HTTP 502 errors
+            // Logging this isn't helpful so just discard it
+            body = 'Bad Gateway\n';
+        }
+
        if (body instanceof ArrayBuffer) {
            body = (new TextDecoder()).decode(body);
        }
--- a/src/util/debug.ts
+++ b/src/util/debug.ts
@ -70,10 +70,10 @@ function applyFormatters(args: [formatter: string, ...args: unknown[]], self = d

 const censor_fields = [
    'token',
-    // NA OIDC
-    'access_token', 'id_token',
+    // OAuth/OIDC
+    'access_token', 'id_token', 'refresh_token', 'client_secret',
    // Coral
-    'accessToken', 'supportId',
+    'accessToken', 'supportId', 'naIdToken',
    // Moon
    'serialNumber', 'notificationToken',
 ];