"requests" integration annotates plaintext <user>:<password> if they appear in the URL #801

Open
@IamJeffG

Describe your environment.

        python==2.7
        opencensus==0.7.3 
        opencensus-ext-requests==0.7.2

Steps to reproduce.

        import opencensus.trace.config_integration
        import requests

        opencensus.trace.config_integration.trace_integrations([
            'requests',  # propagate Trace-Context header to other services that we call
            'threading',  # enable tracing inside ThreadPoolExecutors
        ])

        # Credentials embedded in the URL userinfo end up in the recorded span.
        url = 'https://user:password@myserver:8080/path'
        # request.data, params and headers come from the surrounding application (not shown).
        resp = requests.post(url, data=request.data, params=params, headers=headers)

What is the expected behavior?

I expect (and do see) a Span recorded of the POST to my custom url. However, I would prefer that the user:password not appear in plaintext. I'd be fine with it being omitted entirely.

What is the actual behavior?

When the url includes authentication, the span includes my authentication details logged in plaintext for all to see.

Additional context.

I can successfully work around this by passing authentication via the requests methods' auth=(user, passwd) argument. Then the Span is not annotated with user and password, since the URL does not contain them.
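The workaround above can be applied mechanically: strip the userinfo from the URL before it reaches any traced call and hand the credentials to `auth=` instead. The following is an added example, not part of the original report and not opencensus code; the helper name `split_credentials` and the sample URLs are assumptions made for illustration.

```python
try:
    from urllib.parse import urlsplit, urlunsplit, unquote
except ImportError:  # Python 2.7, as in the report
    from urlparse import urlsplit, urlunsplit
    from urllib import unquote


def split_credentials(url):
    """Hypothetical helper: return (url_without_userinfo, auth).

    auth is a (user, password) tuple suitable for requests' auth= argument,
    or None when the URL carries no userinfo.
    """
    parts = urlsplit(url)
    if "@" not in parts.netloc:
        return url, None
    # Userinfo ends at the LAST '@' in the authority; what follows is
    # host[:port], including any IPv6 brackets, which is kept untouched.
    hostport = parts.netloc.rpartition("@")[2]
    clean = urlunsplit(
        (parts.scheme, hostport, parts.path, parts.query, parts.fragment)
    )
    # Userinfo is percent-encoded in a URL; auth= expects the decoded values.
    auth = (unquote(parts.username or ""), unquote(parts.password or ""))
    return clean, auth


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = [
        "https://user:password@myserver:8080/path",
        "https://u%40corp:p%3Aw@[::1]:8443/a?b=c#d",
        "https://myserver:8080/path?x=1",
    ]
    for sample in samples:
        clean, auth = split_credentials(sample)
        # Only `clean` is ever given to the traced call, e.g.
        #   requests.post(clean, auth=auth, ...)
        print(clean, "(credentials moved to auth=)" if auth else "(no userinfo)")
```
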
