Sanitization

Sanitization protects sensitive data (passwords, secret keys, etc.) from leakage.

You should always sanitize the log so no personal tokens and/or keys are leaked.

If you don't use sanitization, the request and response logs will not be available in the console.

...
"log": {
        "sanitize": ["request.headers.accesstoken"]
    }
...

Accesstoken is correctly mapped, so it's not exposed.

...
"log": {
        "sanitize": ["request.headers.token"]
    }
...

Notice, the accesstoken was mistaken for token. Therefore the accesstoken was exposed in the log.

Last updated 6 months ago